Digital Security Research Group: ��

�� -�� 2009-2011 ��.

�� , ��, �� , �� , �� , �� . ��-�� , �� , �� 90-� ��.
RBS2009-2011.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "DNS for EVIL" � �� CONFidence Krakov 2011

�� , �� , �� DNS � �� . �� , �� DNS �� , �� . �� , � �� , ��, ��, �� C&C � �� .
dns_shl[1].pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Forgotten World - Corporate Business Application Systems" � �� BlackHat DC 2011

� �� -�� , � ��, �� , �� , �� . � �� ERP-��.

��
��

Forgotten World - Corporate Business Application Systems (Polyakov,Smith at BlackHat DC).pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Attacking SAP users with sapsploit Extended 1.1" � �� DEEPSEC

� �� SAP � �� Internet �� ERPSCAN Online. � �� ~30% �� SAP Frontend.
DSECRG SAP SECURITY - Attacking SAP users with sapsploit eXtended 1.1 (DEEPSEC) (1).pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Attacking SAP users with sapsploit Extended" � �� HITB

�� SAP �� SAP Frontend �� , � �� , �� Stuxnet, �� , � �� -�� SAP.

� �� -�� -�� (ERPSCAN Online), �� Digital Security, �� SAP Frontend � �� .
Alexander Polyakov - Attacking SAP Users with sapsploit Extended.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� -��" � �� InfoBez-Expo 2010

Technical Aspects of Bank-Client Security Analysis_rus.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� " � �� InfoBez-Expo 2010

Evolution of Penetration Testing_rus.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "ERP Security. Myths, Problems Solutions" � �� SourceBarcelona 2010

ERP Security. Myths, Problems, Solutions.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Some notes on SAP security" � �� Troopers 2010

� �� , �� 0-day �� SAP. �� .
Troopers10 - Some notes on SAP Security.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� Windows" � �� ChaosConstructions2010

Defeating Windows security (ROP)_ru.pptx

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Attacking SAP users with sapsploit" � �� HITB

HITB - Attacking SAP Users with Sapsploit.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "JIT-Spray Attacks and Advanced Shellcode" � �� HITB

HITB - JIT-Spray Attacks and Advanced Shellcode.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "You can�t stop us: latest trends on exploit techniques"

Confidence2010 ROP and JIT-Spray.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� : �� , �� Lotus Domino

�� Lotus Domino, �� . �� , ��, �� , � �� , � ��, �� , �� , �� . �� , �� , �� , �� , �� Lotus Domino .
Penetration_from_application_down_to_OS_(Lotus_Domino)_ru.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� . �� Apache Geromino

� �� Apache Geromino. �� , �� XSFU (�� ) � Directory Traversal (�� ).
Penetration_from_application_down_to_OS_(Apache Geromino)_ru.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� SAP: �� SAP-��

�� -�� . �� SAP �� , �� . �� , �� SAP � �� , �� , �� SoD �� SAP router, ��, ��, � �� , �� . �� , �� , �� , �� , �� , �� , �� (��). � �� SAP �� , �� , �� , �� SAP-�� , �� , �� SAP ��.
SAP_Security - attacking_SAP_clients_(ru).pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� Oracle. �� "

� �� :

* �� Oracle
* ��(Database�Vault,�VPD)
* ��(Oracle�Application�Server,�BI,�SES)
* ��,��
* �� Ġ(Metasploit)
Oracle_security_latest_trends_ruscrypto_2009_ru.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� . �� , �� Oracle

�� Oracle, � �� , �� . �� , �� , � ��, �� DBA, �� EXTProc, Java, Ext Job � ��.
�� , �� , �� , �� ? � �� SQL-�� .
��, �� , �� Oracle, �� , � �� .
Penetration_from_application_down_to_OS_(Oracle Database)_ru.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� . �� , �� IBM Websphere

� �� IBM Websphere.
Penetration_from_application_down_to_OS_(IBM_Websphere)_ru.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� SID �� Oracle"

� �� Oracle � � �� . �� , ��, � �� "�� Oracle" � �� . �� , �� , �� . ��, �� Sentrigo, �� . �� , �� DBMS_LOB, DBMS_ADVISOR � ��. �� , �� , �� , �� , �� , �� . �� , �� , �� , � �� . �� SID �� . �� SID �� , �� . � �� Oracle 10g �� SID �� , �� , �� .
Different_ways_to_guess_Oracle_database_SID.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "Digital Security Research Group: �� security-research ��"

� �� : * �� * �� * �� * �� * ��
About_DSecRG.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� Windows"

�� Windows �� NT 4.0. �� . �� - �� NTLM, �� (Pass-the-Hash). � ��, �� , �� pth-�� Windows-��. � �� pth-�� shell, �� winexe (�� psexec), �� NTLM-�� (http://www.foofus.net/jmk/passhash.html). �� pth-pwner � �� http://www.dsec.ru/dsecrg/releases/pth-pwner.tar.gz.
Windows_NTLM_vulnerabilities.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� Oracle"

�� , �� , �� , �� . �� - �� (��). �� , � �� , � �� , �� , �� . �� Oracle �� . �� , �� , �� , �� .�� Oracle, � �� .
Oracle security.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

�� "�� Web-�� XSS ��"

�� , �� web-�� , �� CMS (Bitrix, runCMS, Mambo), �� (PhpBB, vBulluten), �� (mail.ru, yandex.ru), �� (vkontakte.ru, livejournal.com, liveinternet.ru, myspace.com). �� XSS, �� web-�� (� �� ) � �� Internet Explorer. �� , � �� XSS �� . �� Internet Explorer 7.0 �� , �� .
XSS_in_images_evasion_bypass.pdf

Digital Secruity Research Group — www.dsecrg.ru
Rss: Vulnerabilities, Exploits, News, Publications, Summary

Digital Security Research Group: ����������

���������� ������������ ������������ ����-�������� ���������� �������������� �� ������ 2009-2011 ��.

������ "DNS for EVIL" � ����������� CONFidence Krakov 2011

������ "Forgotten World - Corporate Business Application Systems" � ����������� BlackHat DC 2011

������ "Attacking SAP users with sapsploit Extended 1.1" � ����������� DEEPSEC

������ "Attacking SAP users with sapsploit Extended" � ����������� HITB

������ "����������� ������� ������� ������������ ����-��������" � ����������� InfoBez-Expo 2010

������ "�������� ������ �� �������������" � ����������� InfoBez-Expo 2010

������ "ERP Security. Myths, Problems Solutions" � ����������� SourceBarcelona 2010

������ "Some notes on SAP security" � ����������� Troopers 2010

������ "����� �������� ���������� � �� Windows" � ����������� ChaosConstructions2010

������ "Attacking SAP users with sapsploit" � ����������� HITB

������ "JIT-Spray Attacks and Advanced Shellcode" � ����������� HITB

������ "You can�t stop us: latest trends on exploit techniques"

������������� � �� ����� ����������: ��������� ������� � ��, ��������� ���������� ������� ���������� Lotus Domino

������������ SAP: ����� �� SAP-��������

������ "�������� ������������ ���� Oracle. ��������� ���������"

������������� � �� ����� ����������. ��������� ������� � ��, ��������� ���������� ������� ���������� IBM Websphere

������������ "��������� ������� ��������� SID ���� ������ � ���� Oracle"

������ "Digital Security Research Group: ���� �������� security-research ������"

������ "������������� ����������� ���������� �������������� � �� Windows"

������ "������������ ���� Oracle"

������ "����� ���������� ����������� ����������� � ���� Web-���������� ��� ������������� XSS ����"

Digital Security Research Group: ��

�� -�� 2009-2011 ��.

�� "DNS for EVIL" � �� CONFidence Krakov 2011

�� "Forgotten World - Corporate Business Application Systems" � �� BlackHat DC 2011

�� "Attacking SAP users with sapsploit Extended 1.1" � �� DEEPSEC

�� "Attacking SAP users with sapsploit Extended" � �� HITB

�� "�� -��" � �� InfoBez-Expo 2010

�� "�� " � �� InfoBez-Expo 2010

�� "ERP Security. Myths, Problems Solutions" � �� SourceBarcelona 2010

�� "Some notes on SAP security" � �� Troopers 2010

�� "�� Windows" � �� ChaosConstructions2010

�� "Attacking SAP users with sapsploit" � �� HITB

�� "JIT-Spray Attacks and Advanced Shellcode" � �� HITB

�� "You can�t stop us: latest trends on exploit techniques"

�� : �� , �� Lotus Domino

�� SAP: �� SAP-��

�� "�� Oracle. �� "

�� . �� , �� IBM Websphere

�� "�� SID �� Oracle"

�� "Digital Security Research Group: �� security-research ��"

�� "�� Windows"

�� "�� Oracle"

�� "�� Web-�� XSS ��"