Posts:

On CVE-2014-1770 / ZDI-14-140 : Internet Explorer 8 "0day"

Hi all,

I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8.  I wanted to take Read more


BlackHatEU2013 – Day2 – Advanced Heap Manipulation in Windows 8

Good afternoon everyone,

The next talk I will be covering today is presented by Zhenhua ‘Eric’ Liu, Senior Security researcher at Fortinet.

Why do this type of research?

Facts: Exploiting memory corruption vulnerabilities is more difficult today, Read more


DEPS – Precise Heap Spray on Firefox and IE10

Introduction

Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions.  Looking back at the type of tricks I had to use to Read more


Exploit writing tutorial part 11 : Heap Spraying Demystified

A lot has been said and written already about heap spraying, but most of the existing documentation and whitepapers focus on IE7 or older versions. Although there are a number of public exploits available that target IE8, the exact technique to do so has not really been documented in detail. Of course, you can probably derive how it works by looking at those public exploits. With this tutorial, I'm going to provide you with a full and detailed overview of what heap spraying is, and how to use it on old and newer platforms. I'll start with some "ancient" techniques (or classic techniques if you will) that can be used on IE6 and IE7. We'll also look at heap spraying for non-browser applications. Next, we'll talk about precision heap spraying, which is a requirement to make DEP bypass exploits work on IE8. I'll finish this tutorial by sharing some of my own research on getting reliable heap spraying to work on IE9. Read more

Icons Shortcuts and SendTo items in Windows XP/2003/Vista/2008

Fixing missing icons & shortcuts :

Send To "Compressed Folder" is missing :

Click Start->Run. In the "open" box, type "cmd" (without the quotes). Click OK. Enter the following command and press "return":

rundll32 zipfldr.dll,RegisterSendto

(you should not get Read more
