Using WinDbg for Exploit Development Notes
The following are some notes that I found useful when using WinDbg for exploit development.
Setting up the symbols:
0:001> .sympath SRV*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*http://msdl.microsoft.com/download/symbols
0:011> .reload
Reloading curr
I would like people to become able, to some extent, to tell on their own whether something is "just a crash" or "a crash that might possibly lead somewhere", so I am putting this up as a topic; it is an expanded version of something I posted here earlier. Having 0x61616161 show up in $ra through a buffer overflow by putting "aaaa" in the save data is an exploit. For example:
Exception - Bus error (instr)
Thread ID - 0x0485F51F
Th Name - main
Module ID - 0x0487572B
Mod Name - USODAYON
EPC - 0x61616160
Cause - 0x10000018
BadVAddr - 0xFED9D88C
Status - 0x60088613
zr:0x0000000
Recently I have been testing out Microsoft’s “Enhanced Mitigation Experience Toolkit” (EMET) tool for exploit mitigation. This is a free tool and is designed to harden or secure applications without having to recode them. One exploit I used to test was Adobe Flash’s “Action script type confusion” vulnerability (CVE-2010-3654). This vulnerability affects version 10.1.53.64 and below. I used the exp
How to Learn Programming Properly: The Franklin Method
The main problem in self-learning is the lack of a systematic approach. It is difficult to know what to learn first and what second, and in what order.
Self-study
The self-taught path is the "poke method": communication on forums, searching for like-minded people, going to conferences, get-togethers and meetups. This is the way of the samurai.
Two weeks ago, comex released the third version of jailbreakme. Two exploits are used to jailbreak Apple devices by opening a PDF file in the MobileSafari browser: initial code execution is obtained through a vulnerability in the Freetype Type 1 font parser, allowing subsequent exploitation of a kernel vulnerability to disable code signing enforcement, get root privileges and "install" the jailbre
Objective
We started SecurityTube.net in mid 2008 to serve as a place for sharing knowledge in computer and network security topics. The videos below, created by our team over the last 2 years, are the first step in that direction. Hope you like them!
Video Series
Assembly Language Primer for Hackers Series (Linux)
Assembly Primer for Hackers (Part 1) System Organization http://www.securitytube.ne