Thursday, June 11, 2009

Bypassing DEP on Win2003 SP2

David Kennedy “ReL1K” published
Bypassing Hardware based Data Execution Prevention on Windows 2003 Service Pack 2 PDF (497KB)

Good, you can learn from David experience writing an exploit for Windows 2003 SP2. This is the kind of research you have to do to exploit a simple buffer overflow in modern operating systems with protections. What he does manually in this article sometimes is harder or impossible without the help of some automated tool to analyze thousand of different system modules.

Friday, April 17, 2009

Project Shellcode

The first stage of Project Shellcode aims to become the knowledge base for all shellcode related resources, including white papers, tutorials, tools, links, assembly code, and of course shellcode.
Is not clear if the project is active or not.

Friday, January 2, 2009

Return-Oriented Programming: Exploits Without Code Injection

...We describe return-oriented programming, a generalization of return-into-libc that allows an attacker to undertake arbitrary, Turing-complete computation without injecting code.New computations are constructed by linking together code snippets that end with a “ret” instruction. The ret instructions allow an attacker who controls the stack to chain instruction sequences together. Because the executed code is stored in memory marked executable, W^X and DEP will not prevent it from running.