Category Archive for: ‘Exploit Development’

  • Winamp Blog Exploit

    Winamp 5.58 Exploit Development

    The guys at the Exploit Database posted an awesome writeup on a Winamp 5.58 Exploit Development storming session – with some really cool results. In the end, they ended up writing a short assembly sequence to walk through the payload and replace bad characters with original shellcode bytes. Read more – Winamp 5.58 from Dos to Code Execution

    Read More →
  • Adobe Shockwave player rcsL chunk memory corruption 0day

    It’s not often we wake up and find a massive 0day submitted to the Exploit Database – but today was different. Abysssec security released an Adobe Shockwave player 0day. We verified the exploit as part as our verification process in the Exploit database and made a short movie to demonstrate the the vulnerability.

    Read More →
  • Osx Exploit Paul

    Evocam Remote Buffer Overflow on OSX

    This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses, and working on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDBG debugger.

    Read More →
  • Php7

    Return Oriented Exploitation (ROP)

    For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.

    Read More →
  • QuickZip Stack BOF : A box of chocolates – part 2

    Today (as promised in part 1 of the QuickZip Stack BOF exploit write-up), I will explain how to build the exploit for the quickzip vulnerability using a pop pop ret pointer from an OS dll. At the end of part 1, I challenged you, the …

    Read More →
  • Image121

    QuickZip Stack BOF 0day: a box of chocolates

    A few days ago, one of my friends (mr_me) pointed me to an application that appeared to be acting somewhat “buggy” while processing “specifically” crafted zip files.  After playing with the zip file structure for a while (thanks again, mr_me, for documenting the zip file …

    Read More →
  • Multiple Media Player HTTP DataHandler Overflow

    We recieved an interesting submission today at exploit-db from Dr_IDE. We have verified that both Quicktime and Itunes crash on Windows and OSX. The description reads: “There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have …

    Read More →
  • Microsoft IIS FTP 5.0 Remote SYSTEM Exploit

    A remote Microsoft FTP server exploit was released today by Kingcope, and can be found at, A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that lead to a”useradd” type payload. The main issue was the relatively small …

    Read More →
  • ITunes Reloaded – Getting the Shell

    There goes our Information Security This is part 2 of our previous post about the Itunes exploit for windows. …little did we know that all the payloads being sent have to be pure AlphaNumeric (printable ASCII). The first thing to do is find a Alphanum …

    Read More →
  • ITunes Exploitation Case Study

    When masochism just isn’t enough Our new AWE course is about to go live for the first time, in BlackHat Vegas. We chose the most interesting exploitation cases we’ve encountered, and dove really deep into them. We had many exploits to choose from, some were …

    Read More →
Page 2 of 2«12