
Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

C++

0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge

The hardened heap

What a long headline...

The attack surfaces of modern NT 6 systems have shifted. Nowadays there is no generic way to bypass heap protection mechanisms. There are many requirements to meet before a vulnerability can be exploited with current approaches. The following is about attacking heap data (application specific) and not heap metadata (generic).

The Heap and its Memory API

Creating attack-strings, circumventing NX, and just for fun: Ruby

Reach the registers


x86 differently: VINE and LLVM-klee

The power of intermediate languages


That's a Pentium I from 1993... and it has grown more complex since then.



x86 for RCE isn't that kewl: you have to cope with CISC, usually more than 7 general purpose registers, complex memory access operands, flags, condition codes, model specific registers... Even if you know your stuff it's not desirable to spend a hell of a lot of time reading and hacking x86 while other people have relationships and party hard.

Stack is protected: so we don't need secure coding?

Do anti-exploitation strategies displace secure programming?


Rumors say you were able to change the color from blue to red.

About stack-smashing, stack-protections and fun-stuff


"If you don't check inputs you'll code in EWOK in future!"

Stack based frame-pointer overwrites

JAE AE - just another essay about exploits. - Literature offers a great variety of books covering these exploitation schematics. Some miss the howto-factor to really do it. Others are simply outdated. (The linked ones are awesome.)

MacOS Software Auditing - some ways


Apple developers left doors open. Threats come out.

About the idea

Currently I'm doing some research on vulnerability discovery techniques, speaking of black-boxing, white-boxing and yes... gray-boxing, too. These are general code-review techniques for source-code auditing, automated function auditing and formal software verification.

Valgrind on MacOS X Leopard

No Linux required



For quite a while I have intended to have a look at Valgrind to have some real fun with C, without having to guess where the errors are. Valgrind has been recommended to me by many very experienced people as "the solution". Nevertheless I didn't want a Linux VM. Even with Portable Ubuntu this sucks.

A new perspective for exploit development


Save nature. Don't print this!


I provide textual exports for every blog entry. However, let's save nature together. Nature is everything around us. Every being should be respected. Save nature - don't print too much.


Circumventing this print block is prohibited under § 95a UrhG!
Responsible for content pursuant to § 10 (3) MDStV: Marius Ciepluch - postal address available on request via e-mail. The e-mail address can be found in the Impressum of this English-language site.
For data protection reasons I do not conduct official or governmental correspondence via e-mail. For that, please use the postal address filed with the hosting provider.

Data collection

No personal data is collected. Log data is anonymized.