Clik here to view.
Welcome!
The fact that you are reading this indicates that you and I share a similar passion for exploiting software vulnerabilities. My primary intent with this blog is to motivate myself to learn new...
View ArticleClik here to view.
Leveraging format string vulnerabilities to interrogate Win32 process memory
Although format string vulnerabilities aren't seen as much in the wild these days since they are so easy to spot in source code, I'd like to use this class of vulnerability to demonstrate what...
View ArticleClik here to view.
Post-mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260)
Recently, I've been looking into the exploitation of use-after-free vulnerabilities. This class of bug is very application specific, but armed with just the right amount of knowledge these...
View ArticleClik here to view.
Cool kids pop a programmer's calc in their demos
Over time, I've heard several well-respected security professionals mention that you're not really cool unless you can pop a scientific/programmer's calculator when demoing your exploits. I mean, what...
View ArticleClik here to view.
Integrating WinDbg and IDA for Improved Code Flow Analysis
IDA is hands down the best tool for static analysis. Its debugger on the other hand, when compared to the power of WinDbg is certainly lacking, IMHO. As such, I find myself wasting too much time...
View ArticleClik here to view.
Targeted Heap Spraying – 0x0c0c0c0c is a Thing of the Past
Traditionally, heap spraying has relied upon spraying with 0x0C0C0C0C followed by shellcode which serves as both an address in the heap and a series of nops. This however is not extremely reliable. You...
View ArticleClik here to view.
Dropping Executables with Powershell
Scenario: You find yourself in a limited Windows user environment without the ability to transfer binary files over the network for one reason or another. So this rules out using a browser, ftp.exe,...
View ArticleClik here to view.
Stealth Alternate Data Streams and Other ADS Weirdness
I was reading an article on MSDN regarding the naming of files, paths, and namespaces[1] and I discovered some interesting peculiarities regarding the naming and creation of certain files containing...
View Article