Category Archive for: ‘Exploit Development’
MS11-080 – A Voyage into Ring Zero
Every patch Tuesday, we, like many in the security industry, love to analyze the released patches and see if any of them can lead to the development of a working exploit. Recently, the MS11-080 advisory caught our attention as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.
Advanced Windows Exploitation Updated
Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching, with a start date of October 24. Not only is this the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training. A limited number of seats are still available for this intense course.
Winamp 5.58 Exploit Development
The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 exploit development storming session, with some really cool results. In the end they wrote a short assembly sequence that walks through the payload and replaces the bad characters with the original shellcode bytes. Read more: Winamp 5.58 from DoS to Code Execution
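The bad-character walk described above, modelled in C as an added example (this is not the Exploit Database's assembly stub or any code from the Winamp exploit): an encoder replaces each byte that the target filters with a filler and records where it was, and a decoder walks that list putting the original bytes back, which is the job the assembly sequence does at run time. The sample "shellcode" bytes, the bad-character set, the filler byte and the XOR key are constructed assumptions for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FILLER   0x90   /* assumed to survive the parser untouched */
#define XOR_KEY  0x55   /* assumed mask so the fixup table carries no bad bytes */
#define MAX_FIX  16

/* Constructed stand-in for a payload; it deliberately contains 0x00, 0x0a and
 * 0x0d, which are common bad characters for file-format and text parsers. */
static const uint8_t sample_shellcode[] = {
    0x31, 0xc0, 0x50, 0x0a, 0x68, 0x00, 0x0d, 0x41, 0xc3
};
static const uint8_t bad_chars[] = { 0x00, 0x0a, 0x0d };

/* One entry per replaced byte: where it was, and the original value masked. */
struct fixup { uint8_t offset; uint8_t masked; };

static int is_bad(uint8_t b) {
    for (size_t i = 0; i < sizeof bad_chars; i++)
        if (bad_chars[i] == b) return 1;
    return 0;
}

/* 1 if any byte in buf is on the bad-character list, else 0. */
static int contains_bad(const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (is_bad(buf[i])) return 1;
    return 0;
}

/* Encoder (run offline, when building the exploit file): copy sc into out,
 * swapping each bad byte for FILLER and recording (offset, original ^ KEY).
 * Returns the number of fixups, or -1 if the table overflows or an entry
 * would itself contain a bad byte (the table ships inside the file too). */
static int encode_shellcode(const uint8_t *sc, size_t len, uint8_t *out,
                            struct fixup *table, size_t cap) {
    int n = 0;
    if (len > 255) return -1;           /* one-byte offsets in this model */
    for (size_t i = 0; i < len; i++) {
        if (!is_bad(sc[i])) { out[i] = sc[i]; continue; }
        if ((size_t)n >= cap) return -1;
        table[n].offset = (uint8_t)i;
        table[n].masked = sc[i] ^ XOR_KEY;
        if (is_bad(table[n].offset) || is_bad(table[n].masked)) return -1;
        out[i] = FILLER;
        n++;
    }
    return n;
}

/* Decoder (what the in-memory stub does before jumping to the payload):
 * walk the fixup list and restore each original byte in place. */
static void restore_shellcode(uint8_t *buf, const struct fixup *table, int n) {
    for (int i = 0; i < n; i++)
        buf[table[i].offset] = table[i].masked ^ XOR_KEY;
}

/* End to end: returns 1 when the encoded buffer is free of bad bytes and
 * decodes back to exactly the original payload. */
static int roundtrip_ok(void) {
    uint8_t buf[sizeof sample_shellcode];
    struct fixup table[MAX_FIX];
    int n = encode_shellcode(sample_shellcode, sizeof sample_shellcode,
                             buf, table, MAX_FIX);
    if (n < 0 || contains_bad(buf, sizeof buf)) return 0;
    restore_shellcode(buf, table, n);
    return memcmp(buf, sample_shellcode, sizeof buf) == 0;
}

int main(void) {
    printf("bad-char roundtrip: %s\n", roundtrip_ok() ? "ok" : "FAIL");
    return 0;
}
```

The originals are stored masked so that the fixup table, which travels in the crafted file alongside the payload, passes the same filter as the payload; the encoder refuses an offset or masked value that would itself be a bad byte, which in practice you fix by shifting the payload with a sled or choosing another mask. The real stub must be checked against the bad-character list as well, since it executes from the same filtered buffer.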
Adobe Shockwave player rcsL chunk memory corruption 0day
It’s not often we wake up and find a massive 0day submitted to the Exploit Database, but today was different. Abysssec security released an Adobe Shockwave player 0day. We verified the exploit as part of our verification process in the Exploit Database and made a short movie to demonstrate the vulnerability.
Evocam Remote Buffer Overflow on OSX
This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills, having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses and worked on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDbg debugger.
Return Oriented Exploitation (ROP)
For all those who registered for AWE at BlackHat Vegas 2010, we have a special surprise for you: we’ve updated our “Bypassing NX” module with the much-discussed ROP exploitation method.
QuickZip Stack BOF : A box of chocolates - part 2
Today (as promised in part 1 of the QuickZip Stack BOF exploit write-up), I will explain how to build the exploit for the QuickZip vulnerability using a pop pop ret pointer from an OS DLL. At the end of part 1, I challenged you, the …
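Locating a pop pop ret pointer in a module's code, as an added C example (this is not the QuickZip exploit's code, and the bytes are not from any real DLL): it scans a buffer for the x86 sequence pop r32; pop r32; ret and drops any candidate whose address contains a bad character, which is the selection you make before using the pointer as an SEH handler overwrite. The code bytes, the base address and the bad-character list are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86 single-byte opcodes: pop r32 is 0x58..0x5f; ret is 0xc3, ret imm16 is 0xc2. */
static int is_pop(uint8_t b) { return b >= 0x58 && b <= 0x5f; }
static int is_ret(uint8_t b) { return b == 0xc3 || b == 0xc2; }

/* Constructed stand-in for a module's .text bytes (not a real DLL image). */
static const uint8_t sample_text[] = {
    0x55, 0x8b, 0xec, 0x5e, 0x5d, 0xc3,   /* pop esi; pop ebp; ret at offset 3 */
    0x90, 0x5b, 0x5f, 0x00,               /* pop ebx; pop edi; then not a ret */
    0x58, 0x5a, 0xc2, 0x04, 0x00,         /* pop eax; pop edx; ret 4 at offset 10 */
    0x5d, 0x5d, 0x5d, 0xc3                /* pop ebp x3; ret: only offset 16 qualifies */
};
/* Assumed load address; a real tool reads ImageBase from the PE header. */
#define SAMPLE_BASE 0x7c901000u

/* 1 if any of the four address bytes is on the bad-character list. */
static int addr_has_bad(uint32_t addr, const uint8_t *bad, size_t nbad) {
    for (int s = 0; s < 32; s += 8) {
        uint8_t b = (uint8_t)(addr >> s);
        for (size_t j = 0; j < nbad; j++)
            if (bad[j] == b) return 1;
    }
    return 0;
}

/* Scan buf for pop r32; pop r32; ret and store base+offset of each usable hit
 * in out (up to cap entries). Returns the total number of usable hits. */
static int find_pop_pop_ret(const uint8_t *buf, size_t len, uint32_t base,
                            const uint8_t *bad, size_t nbad,
                            uint32_t *out, size_t cap) {
    int n = 0;
    for (size_t i = 0; i + 2 < len; i++) {
        if (!(is_pop(buf[i]) && is_pop(buf[i + 1]) && is_ret(buf[i + 2])))
            continue;
        uint32_t addr = base + (uint32_t)i;
        if (addr_has_bad(addr, bad, nbad)) continue;   /* unusable in the file */
        if ((size_t)n < cap) out[n] = addr;
        n++;
    }
    return n;
}

int main(void) {
    static const uint8_t bad[] = { 0x00, 0x0a, 0x0d };  /* assumed filter */
    uint32_t hits[8];
    int n = find_pop_pop_ret(sample_text, sizeof sample_text, SAMPLE_BASE,
                             bad, sizeof bad, hits, 8);
    for (int i = 0; i < n && i < 8; i++)
        printf("pop pop ret candidate: 0x%08x\n", hits[i]);
    return 0;
}
```

On the sample bytes there are three sequences, but 0x7c90100a is discarded because its low byte is 0x0a. Address bytes are only one filter: the module should also be one that is not compiled with SafeSEH and is not rebased, and the hit must lie in a mapped executable section, which is what mona and msfpescan check for you.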
QuickZip Stack BOF 0day: a box of chocolates
A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files. After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file …
Multiple Media Player HTTP DataHandler Overflow
We received an interesting submission today at exploit-db from Dr_IDE. We have verified that both QuickTime and iTunes crash on Windows and OS X. The description reads: “There is a widespread failure in the way that (.MOV) files are handled by the QuickTime Library. I have …
Microsoft IIS FTP 5.0 Remote SYSTEM Exploit
A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at http://milw0rm.com/exploits/9541. A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that led to a “useradd”-type payload. The main issue was the relatively small …