I have my own talk from CanSecwest to blog about but this one is more interesting and the most awaited one. So here are the slides, I will add my own analysis and test cases to this blog entry later. Interesting thing is we had this technique discussed on garage in november http://www.garage4hackers.com/f22/wi...innu-3080.html .
Yu Yang @tombkeeper did a demo of the technique on Ms013-08 and it does not ever need a heap spray for his ASLR/DEP bypass
Yea right!
Last week a friend asked few queries regarding use after free vulnerabilities, . It's been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to run my fuzzer on an old version of IE 6, since it is easy to find a bug in and it's not worth to blog out any new versions 0-day. Any way I picked up the first test case IE crashed on and
6 Months back I did a presentation on Mac OSX 64 bit ROP shellcodes at Null Monthly meet, where I took two different session explaining 64 bit architecture in detail and Mac OSX 64 Rop Shellcode. Today I was browsing through some old stuffs and came across the PPT I used back then. The slides only contains the first day's presentation and I can't find the second days PPT.
Am sharing it over here. There is nothing new.
http://www.slideshare.net/RahulSasi2...sx-64ropchains
My ekoparty.org [Argentina] and NU[Delhi] talk and also Ruxcon [Australia] and BlackHat [Abhudabi] which I could't make it .
What is this paper about:
Input validation attacks and memory corruption attacks are common, and the
criticality of finding a DOS attack on a service like HTTP is consider a lot critical
considering the attack surface and easiness of attack. Even if we could trigger an
exception in an
This would be part-1 one of my C0C0n talk , where I demonstrated few PHP 0-days, Local and Remote . The entire concept of the talk was demonstrating attacks on WebApplications via scripting engines.
In a common Webapp test we manipulates Input , that a common end user controls and check for responses from the app. But since these data passed are processed by the PHP,ASP engines that are used to build these apps. We
Forum Threads
Home Page
Find latest posts
View Articles
View Blog Entries
Likes Received (112)
Poizon Web Exploiter 2.0
06-18-2013, 10:34 PM in Tools & Scripts