Fb1h2s aka Rahul Sasi's Blog

I have my own talk from CanSecwest to blog about but this one is more interesting and the most awaited one. So here are the slides, I will add my own analysis and test cases to this blog entry later. Interesting thing is we had this technique discussed on garage in november http://www.garage4hackers.com/f22/wi...innu-3080.html .

Yu Yang @tombkeeper did a demo of the technique on Ms013-08 and it does not ever need a heap spray for his ASLR/DEP bypass ...

Yea right!

Last week a friend asked few queries regarding use after free vulnerabilities, . It's been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to run my fuzzer on an old version of IE 6, since it is easy to find a bug in and it's not worth to blog out any new versions 0-day . Any way I picked up the first test case IE crashed on and ...

6 Months back I did a presentation on Mac OSX 64 bit ROP shellcodes at Null Monthly meet, where I took two different session explaining 64 bit architecture in detail and Mac OSX 64 Rop Shellcode. Today I was browsing through some old stuffs and came across the PPT I used back then. The slides only contains the first day's presentation and I can't find the second days PPT .

Am sharing it over here. There is nothing new.

http://www.slideshare.net/RahulSasi2...sx-64ropchains ...

My ekoparty.org [Argentina] and NU[Delhi] talk and also Ruxcon [Australia] and BlackHat [Abhudabi] which I could't make it .



What is this paper about:

Input validation attacks and memory corruption attacks are common, and the
criticality of finding a DOS attack on a service like HTTP is consider a lot critical
considering the attack surface and easiness of attack. Even if we could trigger an
exception in an ...

Tags: dtmf detection, dtmf hacking, fuzzing tool

Categories

‎ Uncategorized

Attached Images

  

This would be part-1 one of my C0C0n talk , where I demonstrated few PHP 0-days, Local and Remote . The entire concept of the talk was demonstrating attacks on WebApplications via scripting engines.

In a common Webapp test we manipulates Input , that a common end user controls and check for responses from the app. But since these data passed are processed by the PHP,ASP engines that are used to build these apps. We ...

Tags: php 5.4.3 exploit, php exploit

Categories

‎ Uncategorized

I stopped blogging when I realized that the articles I put up here could be turned into papers and I could use that to speak at conferences[#travel-the-world #meet-people ] . And therefore frequency of my blogging came down. Anyways this a real incident that happened to me yesterday, not much of technical content but a good read if you'r interested in physical security devices.

I Was trapped between two RFID doors for 5 long hrs without my access cards yesterday and I finally broke ...

Tags: rfid doors, rfid hack

Categories

‎ Uncategorized

Here goes my second part the HITB ventures , could read the BLackhat diary form here.

I was in Europe twice this year , in March for BlackHat Presenting on IVR Security. And in May for HITB presenting on "CXML VXML Auditing" . So now many months since these conferences have ended and I finally got some time, I have managed to write up my thoughts on them.
...

I was pretty caught up with few office, personal stuffs that I could not find time to blog on my BlackHat ventures .


I was in Europe twice this year , in March for BlackHat Presenting on IVR Security: Internal Network Attack via Phone Lines. And in May for HITB presenting on "CXML VXML Auditing" . Both the events were fun and met lot of Hacker Ninjas, and that ...

There was a good article released by Joni on MS11-046 vulnerability based on a malware he analysed .
http://www.exploit-db.com/wp-content...docs/18712.pdf
So I taught of spending my staurday night building an exploit for this .

Windows [not sure about Win 7] lets Mapping of 0x00000000 in user space, and this particular vulnerability windows fix [Ms011-46] was by adding a simple check for Null Pntr in the AFD.sys, which I find odd, so I assume Win 7 it would ...

Tags: ms11-046, ms11-046 exploit

Categories

‎ Uncategorized

Am putting down Demo videos along with few important slides form my BlackHat 2012 presentation .

My presentation were in HTML 5 and am putting down Demo Presentations here. I will upload the HTML5 presentation some were or you could download them form

https://media.blackhat.com/bh-eu-12/...urity-Tool.zip

For Better understanding about these demos go through the html 5 slides


...

Tags: auditing ivr, ivr hacking, pen-testing ivr

Categories

‎ Uncategorized