Archive

Posts Tagged ‘exploitation’

Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x

April 18, 2012 13 comments

Hi.
“Infecting loadable kernel modules: kernel versions 2.6.x/3.0.x” is the title of my last paper that has been published on phrack #68. You can read the paper here.

Many thanks to:
– blackb1rd (a phrack reviewer) who helped me in writing the paper.
– All the phrack staff for publishing the paper.
– emdel for … mmmh … Hi, emdel!

Any comments or suggestions would be (obviously) appreciated.
Bye.

Smashing the stack in 2010 (improved)

October 15, 2010 Leave a comment

Hi,

in this brief post I will show you the improvements I have made on “Smashing the stack in 2010″. First of all I have improved the bibliography in order to help the readers to learn and delve into as well as to give the credits to others researchers for their works. Then I have rewritten the section “write an exploit” in my Windows part because of lack of clarity in the previous version, now I hope it is suitable to a newbie. Last but not least I have added a new part called “Real Scenario” in which we are going to analyze real exploits, in fact it is important – to gain a real and useful knowledge – to be able to analyze a real attack even it can be complex and sophisticated. In the report I have analyzed in detail  CVE-2010-0249 (Operation Aurora exploit) and CVE-2010-2883 (the Adobe cooltype sing table exploit), they are good examples of attacks through memory corruption vulnerabilities. I know that thare are a lot of analyses especially for CVE-2010-2883, but we know the paradigm “learning by doing” :) anyway if you want to read other good works I suggest you the following VUPEN (a great analysis!) and jduck (on Metasploit blog).

Smashing the stack in 2010 (improved) : download

Table of contents (of the new part):

IV Real Scenario 75
8 Attacks and memory corruption 75
9 Memory corruption in practice 76
10 Examples of real attacks 77
10.1 Theory: Heap Spraying . . . . . . . . . . . . . . . . . 77
10.2 CVE-2010-0249 – Internet Explorer 6, 2010 – Graziano.  . 78
10.3 CVE-2010-2883 – Adobe Acrobat Reader, 2010 – Graziano  . 84

As usual feel free to contact me to ask questions, to give a feedback, to point an error out to me or just to chat or you can find me on irc ( irc.azzurra.org chan #hacklab or on freenode chan #corelan ) :)

Happy hacking!! (again :P )

Follow

Get every new post delivered to your Inbox.