Search Results for: buffer overflow
Root Cause Analysis – Integer Overflows
Table of ContentsForewordIntroductionAnalyzing the Crash DataIdentifying the Cause of ExceptionPage heapInitial analysisReversing the Faulty FunctionDetermining ExploitabilityChallengesPrerequisitesHeap BasicsLookaside ListsFreelistsPreventative Security MeasuresSafe-UnlinkingHeap CookiesApplication Specific ExploitationThoughts on This AttackGeneric Exploitation MethodsLookaside List OverwriteOverviewApplication Specific TechniqueWhy Not?Brett Moore: Wrecking Freelist[0] Since 2005Freelist[0] Insert AttackOverviewApplication Specific TechniqueWhy Not?Freelist[0] Searching AttackOverviewApplication Specific TechniqueWhy Not?ConclusionRecommended Reading Foreword Over the past few years, […]
HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing
Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]
Root Cause Analysis – Memory Corruption Vulnerabilities
Introduction For the past year or so I’ve spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes. Early on in my research I quickly realized that building fuzzers and generating large quantities of crashes, even for heavily targeted applications, was easy. However, determining the exploitability of these crashes, […]
HITB2012AMS Day 2 – PostScript – Danger Ahead
Good morning everyone, welcome back at Hack In The Box 2012 Amsterdam ! Before looking at the first talk that I attended today, I would like to mention that you can find copies of the talks and materials on the hitb.org website. Files are made available right after a talk or lab finishes, you […]
BlackHat EU 2012 – Day 3
Good morning, Since doing live-blogging seemed to work out pretty well yesterday, I’ll do the same thing again today. Please join in for day 3 at BlackHat Europe 2012, in a cloudy and rainy Amsterdam. The first talk I attended today was : “Secure Password Managers” and “Military Grade Encryption” on Smartphones Andrey Belenko and […]
BlackHat EU 2012 – Day 2
Welcome back friends, at day 2 of BlackHat Europe 2012, held in the Grand Hotel Krasnapolsky in the wonderful city of Amsterdam. Today, I’m going to do things slightly different. I will try to post write-ups immediately after a presentation (and I’ll add in pictures later). I will basically update this page all the […]
Debugging Fun – Putting a process to sleep()
Recently I played with an older CVE (CVE-2008-0532, http://www.securityfocus.com/archive/1/489463, by FX) and I was having trouble debugging the CGI executable where the vulnerable function was located.
Continue reading