
Imprint

About
eMail: wishinet at gmail . com
PGP ID: 0xCCCA5E74

Jabber: wishi@jabber.ccc.de


0x41 - back to bugs

COTS - there's a similar German word

The typical Windows scenario, a Commercial Off-The-Shelf (COTS) binary, means reverse engineering the target application to gain insight. Finding vulnerabilities can be a time-consuming task. Here are some motivating techniques that save a lot of time.

Don't give up, just because...

The general methodology is self-explanatory and similar for every audit process:

  1. behavior analysis:
    • what does the target look like,
    • which dialogues occur,
    • which files are required, what are the paths,
    • installer process,
    • uninstall process,

0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge

The hardened heap

What a long headline...

The attack surfaces of modern NT 6 systems have shifted. Nowadays there is no generic way to bypass the heap protection mechanisms, and many requirements must be met to exploit vulnerabilities with current approaches. What follows is about attacking heap data (application-specific), not heap metadata (generic).

The Heap and its Memory API

0x41 - weekly exploitation matters - Shellcode and frameworks

A non Un-Shakespearian matter

There are mainly two things I wanted to write about regarding shellcode. However, my time is limited, so I kept it short and simple this time.

The two things this mainly is about are:

  • dnscat
  • (lesser known) Shellcode tools

If your exploit is a rocket, it targets the vulnerable entry point, and the rocket's payload is the shellcode. Normally, when a memory corruption is exploited, the altered program flow directs EIP into this (pay)load, so instead of crashing, the program continues doing what you wanted it to do.
At the point where EIP lands, once past any NOPs, it expects carefully formatted instructions (read: shellcode).

0x41 - weekly exploitation matters - Heap overflow fundamentals

Stack buffer overflows are extinct

Exploiting stack buffer overflows on modern operating systems is harder these days, because there are many mitigations to overcome.
For example, on Windows there is not only /GS - which is activated by default in Visual Studio nowadays - but also non-executable (NX) stack pages, ASLR, DEP and so on. This may lead to return-oriented attacks, but I personally think that secure programming has also improved with regard to stack buffer overflows. So they are rare and relatively cumbersome to exploit, because they are understood and mitigated.

PyQt and a SSH upload droplet

Modern GUIs need Drag and Drop

The following is an example of a drag & drop action with PyQt4. It uses paramiko for the SSH interactions. I'm well aware that it won't work on Windows that way. But that's a Windows problem. I'm also well aware that there's a password in this file. Give it a try.
The source is on GitHub. The indentation seems to be broken there. But that's a GitHub problem. It seems to be broken here, too. But that's a Drupal problem. ;) Actually it isn't even a problem.

Just the imports. The os module is necessary if you want paramiko to use your private SSH key. The sys module is needed because of argv:

```python
import sys                         # command-line arguments (argv)
import paramiko                    # for ssh
import os                          # locate the private ssh key in the home directory
from PyQt4 import QtGui, QtCore    # GUI widgets and drag & drop events
```

Creating attack strings, circumventing NX, and just for fun: Ruby

Reach the registers


Best of securitytube for RE and security

A collection of tutorials, videos and fun

I think it's an amazing site. There are many video tutorial sites these days. However, the quality differs a lot. In the following I listed the material I like so far. Feel invited to watch everything:

Programming

Python programming course from MIT - the advanced parts may be of some interest, but it starts off with fairly trivial, introductory material.



Circumventing this print block is prohibited under § 95a UrhG!
Person responsible for the content according to § 10 paragraph 3 MDStV: Marius Ciepluch - postal address available via e-mail. The e-mail address can be found in the imprint of this English-language site.
For data protection reasons I do not conduct official or governmental correspondence via e-mail. For that, the postal address deposited with the service provider is to be used.

Data collection

No personal data is collected. Log data is anonymised.