IT security community

Chapter 6, "Memory Corruption Part II - Heaps" by Mario Hewardt and Daniel Pravat

Fri, 30 Apr 2010 09:22:56 +0200

This chapter explains in detail what the heap is and how it works. It is part of the book "Advanced Windows Debugging" and available on the author's website, free of charge (Sample Chapter).

"Reliable Windows Heap Exploits" by Matt Conover & Oded Horovitz

Wed, 21 Apr 2010 10:20:34 +0200

Must read!

"Windows Heap Overflows" by David Litchfield

Wed, 21 Apr 2010 10:19:21 +0200

The presentation focuses on Windows Heap Overflow Exploitation.

"Third Generation Exploitation" by Halvar Flake

Wed, 21 Apr 2010 10:17:27 +0200

Halvar discusses, among others, Windows Heap Overflows. It is one of the first presentations that focuses on this topic.

Windows Heap Overflow Tutorial

SkillTutos — Mon, 19 Apr 2010 13:35:44 +0200

Soon, we start with our Windows Heap Overflow Tutorial. If you think stack overflows are difficult to understand and exploit, stop reading here. Heap Overflows once were easy to exploit. The so-called "4-Byte Overwrites" are gone. Before we continue with Win XP SP2 or higher, we first start with exploit examples on Windows 2000. As a starting point, we recommend to read the following papers on this topic:

- "Third Generation Exploitation" by Halvar

- "Windows Heap Overflows" by David Litchfield

- "Reliable Windows Heap Exploits" by Matt Conover & Oded Horovitz

- "Memory Corruption Part II - Heaps" by Mario Hewardt and Daniel Pravat

Format String Vulnerability Tutorial

SkillTutos — Sat, 03 Apr 2010 16:30:39 +0200

In this thread, we explain another class of bugs: Format String Vulnerabilities. The target OS is Windows and Mac OS X.

Security stuff we read

SkillTutos — Tue, 30 Mar 2010 20:08:36 +0200

In this blog, we discuss or link to articles, blogs etc. that we find interesting.

Windows Stack Overflow Tutorial

SkillTutos — Sun, 28 Mar 2010 17:27:51 +0200

Today, exploiting software vulnerabilities isn't easy anymore. For beginners, it is almost impossible to understand modern exploitation techniques. There are too many countermeasures implemented and it is hard to catch up with today's attack techniques.

Altough stack overflows are almost gone, at least in professional software products, beginners should start with such "easy" techniques first. This tutorial explains stack overflow vulnerabilities in more detail. We will also discuss and demonstrate how easy or hard it is to bypass countermeasures such as DEP or ASLR. We also talk about heap spraying, binary diffing or how to bypass DEP and ASLR at the same time.

Have fun...

IT-Security News

SkillTutos — Tue, 28 Apr 2009 20:16:16 +0200

The goal of this group is to raise it-security awareness by demonstrating or explaining attack methods and possible countermeasures.

Vulnerability Research / Exploitation Techniques

Patrick — Wed, 18 Mar 2009 19:08:07 +0100