Who we were

We were an organization founded in 2004 by three security researchers in Brazil—Adriano S de Lima, Ramon de C Valle, and Rodrigo R Branco. Our specialties included network security solutions, vulnerability research, exploit development, source code auditing, reverse engineering, penetration testing, intrusion detection, and computer forensics.

Advisories

  1. [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability
  2. [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability
  3. [RISE-2009001] ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow Vulnerability
  4. [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path() Buffer Overflow Vulnerability
  5. [RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
  6. [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities
  7. [RISE-2007002] Borland InterBase Multiple Buffer Overflow Vulnerabilities
  8. [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability
  9. [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability
  10. [RISE-2006001] X11R6 XKEYBOARD extension Strcmp() buffer overflow vulnerability

Articles

  1. Dynamic Program Analysis and Software Exploitation, From the crash to the exploit code (Phrack Magazine)
  2. Hacking the Cell Broadband Engine Architecture, SPE software exploitation (Phrack Magazine)
  3. Linux On Power/Cell BE Architecture Buffer Overflow Vulnerabilities
  4. LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 1 (IBM developerWorks)
  5. LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 2 (IBM developerWorks)
  6. Linux Slab Allocator Buffer Overflow Vulnerabilities
  7. Linux Slab Allocator Buffer Overflow Vulnerabilities (IBM developerWorks Brasil)
  8. System Management Mode Hack, Using SMM for "Other Purposes" (Phrack Magazine)

Exploits

  1. Linux sock_sendpage() NULL pointer dereference (3)
  2. Linux sock_sendpage() NULL pointer dereference (2)
  3. Linux sock_sendpage() NULL pointer dereference
  4. Windows Animated Cursor Stack Overflow Exploit
  5. X11R6 XKEYBOARD extension Strcmp() for SCO UnixWare 7.1.3 x86
  6. X11R6 XKEYBOARD extension Strcmp() for Sun Solaris 8 9 10 x86
  7. X11R6 XKEYBOARD extension Strcmp() for Sun Solaris 8 9 10 SPARC

Metasploit modules

  1. AIX SNMP Scanner Auxiliary Module
  2. ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow
  3. Sun Solaris sadmind adm_build_path() Buffer Overflow
  4. Firebird Relational Database isc_attach_database() Buffer Overflow
  5. Firebird Relational Database isc_create_database() Buffer Overflow
  6. Firebird Relational Database SVC_attach() Buffer Overflow
  7. Borland InterBase Services Manager Information
  8. Borland InterBase isc_attach_database() Buffer Overflow
  9. Borland InterBase isc_create_database() Buffer Overflow
  10. Borland InterBase SVC_attach() Buffer Overflow
  11. Samba lsa_io_trans_names Heap Overflow (Linux)
  12. Samba lsa_io_trans_names Heap Overflow (Solaris)
  13. Samba lsa_io_trans_names Heap Overflow (OS X)

Metasploit payloads

  1. AIX Command Shell, Bind TCP Inline
  2. AIX Command Shell, Find Port Inline
  3. AIX Command Shell, Reverse TCP Inline
  4. BSD Command Shell, Bind TCP Inline
  5. BSD Command Shell, Find Port Inline
  6. BSD Command Shell, Reverse TCP Inline
  7. Linux Command Shell, Bind TCP Inline (ppc)
  8. Linux Command Shell, Find Port Inline (ppc)
  9. Linux Command Shell, Reverse TCP Inline (ppc)
  10. Linux Command Shell, Bind TCP Inline (ppc64)
  11. Linux Command Shell, Find Port Inline (ppc64)
  12. Linux Command Shell, Reverse TCP Inline (ppc64)
  13. Linux Command Shell, Bind TCP Inline
  14. Linux Command Shell, Find Port Inline
  15. Linux Command Shell, Reverse TCP Inline
  16. OSX Command Shell, Bind TCP Inline
  17. OSX Command Shell, Find Port Inline
  18. OSX Command Shell, Reverse TCP Inline
  19. Solaris Command Shell, Bind TCP Inline
  20. Solaris Command Shell, Find Port Inline
  21. Solaris Command Shell, Reverse TCP Inline

Projects

StJude_LKM-0.23.tar.gz
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
StMichael_LKM-0.13-k2.6.tar.gz
StMichael_LKM-0.12-k2.6.tar.gz
StMichael is a Linux Kernel Module that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
unixasm-1.4.0.tar.gz
unixasm-1.3.0.tar.gz
unixasm-1.2.0.tar.gz
unixasm-1.1.0.tar.gz
unixasm-1.0.0.tar.gz
This project contains a set of assembly components for proof-of-concept code on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements such as system call invocation standards and position-independent, register-independent, zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest code for this purpose available today.