Wednesday, April 16, 2008

PHRACK #65


April 2008
by The Circle of Lost Hackers


0x01 Introduction TCLH
0x02 Phrack Prophile of The UNIX Terrorist TCLH
0x03 Phrack World News TCLH
0x04 Stealth Hooking: another way to subvert the Windows kernel mxatone
ivanlefou
0x05 Clawing holes in NAT with UPnP felinemenace
0x06 The only laws on Internet are assembly and RFCs Julia
0x07 Hacking the System Management Mode BSDaemon, coideloko, d0nand0n
0x08 Mystifying the debugger for ultimate stealthness halfdead
0x09 Australian Restricted Defense Networks and FISSO The Finn
0x0a Phook - The PEB Hooker shearer & dreg
0x0b Hacking the $49 Wifi Finder openschemes
0x0c The art of exploitation: Samba WINS stack overflow max_packetz
0x0d The Underground Myth anonymous
0x0e Hacking your brain: Artificial Conciousness -C
0x0f International scenes various

Monday, April 14, 2008

Aplication-Specific Attacks - Leveraging the ActionScript Virtual Machine

Memory corruption vulnerabilities are becoming increasingly difficult to exploit, largely due to the protection mechanisms being integrated into most modern operating systems. As general protection mechanisms evolve, attackers are engaging in more specific, low-level application-targeted attacks. In order to refine general countermeasures (or at least raise awareness of their shortcomings), it is important to first understand how memory corruption vulnerabilities are exploited in some unique scenarios.

[...]

Aplication-Specific Attacks - Leveraging the ActionScript Virtual Machine by Mark Dowd PDF

Saturday, April 5, 2008

gcc silently discards some wraparound checks...buf+len < buf?

David LeBlanc's Web Log
Vulnerability Note VU#162289

Basically, what it says is that code which looks like this:


char *buf;
int len;

gcc will assume that buf+len >= buf.

As a result, code that performs length checks similar to the following:

len = 1<<30;
[...]
if(buf+len < buf) /* length check */
[...perform some manipulation on len...]

are compiled away by these versions of gcc