Archive for December, 2006

Zone-H Defaced!!

December 25, 2006

As you may have noticed, Zone-H got defaced in the night between Dec 21st and Dec 22nd. This was an elaborate attack that was made possible (as with most past Zone-H incidents) by exploitation of the human factor.

Zone-H has written up a full incident analysis report on this.
I hope everyone has a Happy Holidays!

Writing a BoF Exploit on Windows

December 25, 2006

This is a tutorial about writing exploits. It uses the Mrinfo.exe buffer overflow as the learning example: a nice paper for noobs, step by step with pictures. Source: coromputer.net

Develop MS06-040 Exploit!

December 16, 2006

In this paper Trirat Kira explains how to develop an MS06-040 exploit against Windows Server 2003 SP0, and in particular how to break the stack-based buffer overflow protection mechanism in Windows Server 2003 SP0.

Bypassing Windows Heap Protections

December 14, 2006

milw0rm papers is a good archive of nice papers (thanks to str0ke for making this archive).
It recently posted a paper about Bypassing Windows Heap Protections by falliere.
;) Read this paper at milw0rm.com

CERT Secure Coding Web Site

December 10, 2006

The CERT Secure Coding web site exists to support the development of secure coding standards for commonly used programming languages such as C and C++. These standards are being developed through a broad-based community effort including the CERT Secure Coding Initiative and members of the software development and software security communities.

Advances in format string exploitation

December 9, 2006

This paper explains exploiting heap-based format strings and brute-force attacks with this method.
Phrack 0x0b, Issue 0x3b, Phile #0x07 of 0x12

Smashing The Kernel For Fun And Profit

December 9, 2006

This is a translation of the original article published on www.s0ftpj.org.
(From the introduction:)
Today the net offers us a lot of pseudo-tools that work as process hiders but, as is well known, they are far from perfect. Let's start, for example, with a classic binary trojan: running strace we'll notice immediately that there's something that needs our attention.

Reverse Engineering with LD_PRELOAD

December 8, 2006

This paper is about the LD_PRELOAD feature, and how it can be useful for reverse engineering dynamically linked executables. This technique allows you to hijack functions/inject code and manipulate the application flow.

Vuln Scanning Web 2.0 Client-Side Components

December 8, 2006

This paper explains how to scan Web 2.0 applications via browsers and client-side components. The key learning objectives of this article are to understand the following concepts and techniques: scanning complexity and challenges in new-generation Web applications; Web 2.0 client-side scanning objectives and methodology; Web 2.0 vulnerability detection (XSS in RSS feeds); cross-domain injection with JSON; countermeasures and defense through browser-side filtering.

Microsoft Anti-Cross Site Scripting Library

December 7, 2006

Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data, causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted site and may be able to bypass browser protection mechanisms such as security zones. See this library at Microsoft.