content top

Exploit Reliability Testing System

Exploit Reliability Testing System

Introduction   One of my friend was playing with “MS13-009” a Use After Free vulnerability in Internet Explorer which leads to Remote Code Execution. He asked me to help him in writing a reliable exploit for this vulnerability. Once I started looking into the vulnerability, I realized that this vulnerability is unreliable due to the fact that there is a very small window between free and use of the freed object. More...

Read More

Heap Spraying – Active X Controls Under Attack

Heap Spraying – Active X Controls Under Attack

Introduction   An ActiveX control is essentially a simple OLE object that supports the IUnknown interface. It was introduced in 1996 by Microsoft as a development of its Component Object Model (COM) and Object Linking and Embedding (OLE) technologies and is commonly used in its Windows Operating System.   ActiveX controls are highly portable COM objects, used extensively throughout Microsoft Windows platforms and, especially, in...

Read More

Shellcode Of Death

Shellcode Of Death

Introduction   Recently, I had been working on a shellcode project that we named as “Shellcode Of Death“. “Shellcode of Death” is designed to run on Windows x86 platforms like Windows XP/Vista/7/8/Server 2003/2008.   What this shellcode does?     Well, this shellcode has been designed to format all the available drive on Windows. Weird? Huh!!! Yes, I know you may be thinking this is weird and why...

Read More

Art Of Exploit Writing – null Security Meet

Art Of Exploit Writing – null Security Meet

Introduction   It’s was my pleasure to be with fantastic security minds of Bangalore. The event was null Bangalore which held @ThoughtWorks.   Topics and Schedules   09:30 – 10:00: Web App Basics – Insecure Direct Object Reference – Himanshu Das 10:00 – 10:15: Introductions 10:15 – 10:35: Newsbytes – Apurva 10:35 – 11:05: Vulnerability Disclosure – Nikhil Kulkarni 11:05...

Read More

FreeFloat FTP Server – Buffer Overflow

FreeFloat FTP Server – Buffer Overflow

INTRODUCTION In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. This is a special case of violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior,...

Read More
content top