Intro
Tired of all the same re-hashed articles on exploiting the SQL injections, XSS, XSRF, File Inclusion, basic overflows, and more? I am, so I started writing more interesting material. This started with “Exploiting Modern Userland Linux Applications”. A tale on bypassing modern exploit mitigations and real adventures in x64 world without turning off ASLR. Now I’m here to present a series called “Writing Exploits For Exotic Bug Classes.” This will be adventures in exploiting common bug classes that aren’t talked about as often. They will be co-presented with exploits for modern applications (2012-2013), possibly 0day assuming legal possibilities with a certain vendor, an easier to consume slide deck and, as always, a weaponized Python exploit. Enjoy!
read more.........http://www.alertlogic.com/writing-exploits-for-exotic-bug-classes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
Tired of all the same re-hashed articles on exploiting the SQL injections, XSS, XSRF, File Inclusion, basic overflows, and more? I am, so I started writing more interesting material. This started with “Exploiting Modern Userland Linux Applications”. A tale on bypassing modern exploit mitigations and real adventures in x64 world without turning off ASLR. Now I’m here to present a series called “Writing Exploits For Exotic Bug Classes.” This will be adventures in exploiting common bug classes that aren’t talked about as often. They will be co-presented with exploits for modern applications (2012-2013), possibly 0day assuming legal possibilities with a certain vendor, an easier to consume slide deck and, as always, a weaponized Python exploit. Enjoy!
read more.........http://www.alertlogic.com/writing-exploits-for-exotic-bug-classes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityBloggersNetwork+%28Security+Bloggers+Network%29