Blog
Recent
September 3, 2008 09:35

AWBO Part Deux

Some people have been chomping at the bit for the next challenge, so here it is. The same rules apply as did last time. When we say no static stack return addresses, this also means of course that there's no need for NOP sleds, so I shouldn't see them in solutions.

August 29, 2008 11:51

Checking Multiple Bits in a Flag Field

Sometimes, it is necessary to check a value in a flag field that is not a power of two (1, 2, 4, 8, etc.) and therefore requires multiple bits to be represented, yet other values in the byte are not part of that flag field. Such is the case for DNS where server status codes are r

August 22, 2008 11:48

Defcon, testing and exploiting

This year at Defcon, Immunity trotted out the first iteration of their NOP cert test, and I had the pleasure of giving it a test run. I still think it's a great indicator of ability, despite the Immunity tools focus; I'm not a user of any of their tools generally, but I ma

August 11, 2008 11:47

DNS Vulnerability Paper

Now that Defcon is over and the Kaminsky DNS Vulnerability is completely out in the open, the Sourcefire VRT has a new whitepaper that discusses the issue and suggests detection methods using Snort rules. Download it here.

May 30, 2008 11:44

Flash Vulnerability Info

On 5-27-2008 Symantec issued a 0-day vulnerability alert pertaining to malicious Flash (SWF) files circulating in the wild. The initial Symantec report stated that this issue was unknown and that it affected the latest version 9.0.124.0 of Flash Player and several other Adobe pro

May 30, 2008 11:43

How to annoy co-workers taking a break

We have a foosball table here at SF World Domination HQ. It sees a lot of action from various people in the company during lunchtimes. Unfortunately, it is located close to the VRT lair. So close, in fact, that we are able to run wire to a speaker strategically placed in the ceili

May 30, 2008 11:40

Power over Ethernet and Snort

Lurene correctly points out that vulnerability research is often a series of failures, but that what you learn as you work through the failures will often come in useful in the future. Recently we had a strong desire to put a snort sensor in-line with a wireless access point. Whi