TESO was a hacker group that originated in Austria. It was active from 1998 to 2004, and during its peak around 2000, it was responsible for a significant share of the exploits on the bugtraq mailing list.
In 2000, some of its members took over Phrack magazine and released the first-ever hardcover (#57) at HAL2001.
In 1998, TESO was founded and quickly grew to 6 people, who first met in 1999 at the CCC Camp near Berlin.
By 2000, the group was at its peak: it started speaking at various conferences, wrote articles for Phrack, and released security tools and exploits at a very high pace. Some of its exploits only became known after leaking to the community. This included exploits for wu-ftp, apache, and openssh.
In 2000, the group published the first remote vulnerability in OpenBSD, "OpenBSD 2.x - Pending ARP Request Remote Denial of Service" [1], followed by a series of remote exploits against OpenBSD (some co-authored with ADM). This forced OpenBSD to remove the claim "7 years without vulnerability" from the OpenBSD webpage.
In September 2001, the group released the comprehensive Format String Research Paper [2] by scut, describing uncontrolled format string vulnerabilities.
In 2003, the group informally disbanded, and in 2004 the website went down.
ADM and TESO made almost inappropriately large splashes in the community when they were active. Almost all their exploits were beyond the standard, and at times it seemed they were the ones finding all the new bug-classes. But at their peak, they couldn't have been very large groups. Certainly smaller than the reverse engineering and security group at a good sized IDS/IPS company these days.
— Dave Aitel, Founder of Immunity, Inc. [3]
The name originally was an acronym of the nicknames of the original founders (typo, edi, stanly, oxigen), but as many of the most skilled members joined later, this interpretation quickly became meaningless. Teso originally and during its peak was a small and tightly knit group. A full list of members does not appear to exist, but if public sources can be trusted, at least the following members existed:
In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.
In hacking, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient. However, attempts at replacing the term have not gained wide acceptance. Shellcode is commonly written in machine code.
Nmap is a network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
In computer networking, ARP spoofing is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.
md5sum is a computer program that calculates and verifies 128-bit MD5 hashes, as described in RFC 1321. The MD5 hash functions as a compact digital fingerprint of a file. As with all such hashing algorithms, there is theoretically an unlimited number of files that will have any given MD5 hash. However, it is very unlikely that any two non-identical files in the real world will have the same MD5 hash, unless they have been specifically created to have the same hash.
Uncontrolled format string is a type of code injection vulnerability discovered around 1989 that can be used in security exploits. Originally thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf. A malicious user may use the %s and %x format tokens, among others, to print data from the call stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf and similar functions to write the number of bytes formatted to an address stored on the stack.
The Berkeley r-commands are a suite of computer programs designed to enable users of one Unix system to log in or issue commands to another Unix computer via TCP/IP computer network. The r-commands were developed in 1982 by the Computer Systems Research Group at the University of California, Berkeley, based on an early implementation of TCP/IP.
Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols. Its original developers later founded Hacking Team.
Alexander Peslyak, better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes.
The Windows Metafile vulnerability—also called the Metafile Image Code Execution and abbreviated MICE—is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. It permits arbitrary code to be executed on affected computers without the permission of their users. It was discovered on December 27, 2005, and the first reports of affected computers were announced within 24 hours. Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2006. Attacks using this vulnerability are known as WMF exploits.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company, Rapid7.
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many websites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. After successfully stealing appropriate session cookies an adversary might use the Pass the Cookie technique to perform session hijacking. Cookie hijacking is commonly used against client authentication on the internet. Modern web browsers use cookie protection mechanisms to protect the web from being attacked.
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
In software, a stack buffer overflow or stack buffer overrun occurs when a program writes to a memory address on the program's call stack outside of the intended data structure, which is usually a fixed-length buffer. Stack buffer overflow bugs are caused when a program writes more data to a buffer located on the stack than what is actually allocated for that buffer. This almost always results in corruption of adjacent data on the stack, and in cases where the overflow was triggered by mistake, will often cause the program to crash or operate incorrectly. Stack buffer overflow is a type of the more general programming malfunction known as buffer overflow. Overfilling a buffer on the stack is more likely to derail program execution than overfilling a buffer on the heap because the stack contains the return addresses for all active function calls.
In computer security, the Zardoz list, more formally known as the Security-Digest list, was a famous semi-private full disclosure mailing list run by Neil Gorsuch from 1989 through 1991. It identified weaknesses in systems and gave directions on where to find them. Zardoz is most notable for its status as a perennial target for computer hackers, who sought archives of the list for information on undisclosed software vulnerabilities.
Przemysław Frasunek is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since the late 1990s, noted for one of the first published successful software exploits for the format string bug class of attacks, shortly after the first exploit by the person using the nickname tf8. Until that time the vulnerability was thought harmless. He serves as the CEO of Redge Technologies.
OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.
The Anti Security Movement is a movement opposed to the computer security industry. Antisec is against full disclosure of information relating to software vulnerabilities, exploits, exploitation techniques, hacking tools, attacking public outlets and distribution points of that information. The general thought behind this is that the computer security industry uses full disclosure to profit and develops scare tactics to convince people to buy their firewalls, anti-virus software and auditing services.