Syndicate

Syndicate content

Flattr


Flattr this
If you like this, you can use flattr. ;)

Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de

Home

conference materials

0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge

Sat, 04/10/2010 - 21:36 |  wishi

The hardended heap

What a long headline...

The attack surfaces of modern NT 6 systems shifted. Nowadays there's no generic way to bypass heap protection mechanisms. There're many requirements to meet to exploit vulnerabilities with current approaches. In the following this is a about attacking heap data (application specific) and not heap metadata (generic).

The Heap and its Memory API

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: C, C++, conference materials, Exploits, IT security science, Python, Windows security, wishi's weekly squib

Best of securitytube for RE and security

Sun, 09/13/2009 - 14:22 |  wishi

A collection of tutorials, videos and fun

I think it's an amazing site. There're many video tutorial sites these days. However the quality differs a lot. In the following I listed stuff I like so far. Feel invited to watch everything:

Programming

Python programming course from MIT - the advanced stuff may be of some interest, however it starts of with fairly trivial and introductorily mentioned stuff.

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: conference materials, Exploits, haq tutorial, IT security science, Linux, pentesting, Python, Reversing, Security Tools, Unix, Windows security

MacOS Software Auditing - some ways

Tue, 08/04/2009 - 15:50 |  wishi

Apple developers left doors open. Threats come out.

About the idea

Currently I'm doing some research on vulnerability discovery techniques, speaking of black-boxing, white-boxing and yes... gray boxing, too. These are general code-review techniques for source-code auditing, automated function-auditing and formal software verification.

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: C, C++, conference materials, Exploits, IT security science, Python, Reversing, Security Tools, wishi's weekly squib

BinVis re-released - Visual Reverse Engineering and Forensics

Thu, 07/16/2009 - 17:31 |  wishi

Visual Reverse Engineering and Forensics

Actually I'm extending the functionality of BinVis. It now has got a new Google Code repository here.
The initial upload just contained Greg Conti's original files. However now it's released under GPL and therefore I've got the opportunity too add new sweet features.

Plans

At "Hacking At Random" I'll release a Mono-based version (with fixed compatibility issues especially for MacOS). This version will not have new features.

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: conference materials, Reversing

Security researchers who care

Wed, 06/17/2009 - 08:53 |  wishi

Teaching?

What took the most of us to learn,
is what we teach best.

I found a good collection of IT security specific learning materials. Even if you're an old hand in the fields, you might catch something new, nevertheless I guess it's a university course intended for starters.

Introduction and Source Code Analysis, Dan Guido
Reverse Code Engineering, Stephen A. Ridley
Memory Corruption, Dino Dai Zovi
Fuzzing, Mike Zusman
Client-side attacks and Post-Exploitation, Dean De Beer
Web Hacking, Erik Cabetas

Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: conference materials, Exploits, haq tutorial, IT security science, Malware, pentesting, Reversing, Security Tools

Securing over the top - in depth vs. just sketchy

Thu, 06/11/2009 - 17:57 |  wishi

About good people in IT being too good and bad guys playing better


Bugs flew in the Eniac and caused errors. Since ages bugs cause trouble in IT. Now it's time to exterminate them?




Read more »
wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: conference materials, pentesting, Security Tools

Easy AI programming in Python

Wed, 05/13/2009 - 14:46 |  wishi

At PyCon 2009 this was presented two weeks ago. Sounds kind of interesting. More here.

wishi's blog |  Add new comment |  1+[encrypted]+#b94+ |  Tags: conference materials, Python
Inhaltlich Verantwortlicher gemäß § 10 Absatz 3 MDStV, § 5 TMG, § 55 RfStV: Marius Ciepluch - Schauenburger Weg 5a - 23556 Lübeck
Aus Datenschutzgründen habe ich weder offiziellen noch behördlichen Schriftverkehr via eMail.

Save the nature. Don't print this!


I provide textual exports for every blog entry. However let's save the nature together. The nature is everything around us. Every being should be respected. Save the nature - don't print too much.


Die Umgehung dieser Ausdrucksperre ist nach § 95a UrhG verboten!
Inhaltlich Verantwortlicher gemäß § 10 Absatz 3 MDStV: Marius Ciepluch - Anschrift via eMail. Die eMail Adresse entnehmen sie dem Impresseum dieser englischsprachigen Seite.
Aus Datenschutzgründen habe ich weder offiziellen noch behördlichen Schriftverkehr via eMail. Dazu ist die postalische, beim Dienstleister hinterlegte, Anschrift zu verwenden.

Datenerfassung

Es werden keine personenbezogenen Daten erfasst. Logdaten werden anonymisiert.