Exploit Writing Tutorials (37)

Introduction

For the past year or so I've spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes.  Early on in my research I quickly realized that building fuzzers and generating large quantities Read more

Table of Contents

• Foreword
• Introduction
• Analyzing the Crash Data
• Identifying the Cause of Exception
  • Page heap
  • Initial analysis
• Reversing the Faulty Function
• Determining Exploitability
  • Challenges
  • Prerequisites
  • Heap Basics
    • Lookaside Lists
    • Freelists
  • Preventative Security Measures
    • Safe-Unlinking
    • Heap Cookies
  • Application Specific Read more

Introduction

Hi all,

While preparing for my Advanced exploit dev course at Derbycon, I've been playing with heap allocation primitives in IE.  One of the things that causes some frustration (or, at least, tends to slow me down during Read more

Introduction

Hi all,

Over the course of the past few weeks ago, I received a number of "emergency" calls from some relatives, asking me to look at their computer because "things were broken", "things looked different" and "I think Read more

Introduction

Ok, I have a confession to make, I have always been somewhat intrigued by egghunters. That doesn't mean that I like to use (or abuse) an egghunter just because I fancy what it does. In fact, I Read more

Table of Contents

• Introduction
• Why WinDBG?
  • Symbols?
• Installing WinDBG Classic and WinDBGX
  • Why do we need both?
  • Scripted/automated installation
  • Manual Installation
    • Classic WinDBG
    • WinDBGX
  • Microsoft Symbol Server
  • Verify if both versions work
• Connecting to a process
  • Open executable vs Read more