0day was the case that they gave me
Slides & notes for “Uncovering Zero-Days and advanced fuzzing” at AthCon 2012:
Uncovering ZeroDays and advanced fuzzing
the full version as a PDF file
Uncovering ZeroDays and advanced fuzzing SCRIPT
the full script (my notes) as a PDF file
May 24, 2012
Thank you, very nice!
You are welcome, I hope people like it and can actually make use of the information inside.
Excellent stuff! The demo of slowly testing using Perl (how you found the Apache bug) is especially inspiring, shows a more methodical and better way than just firing $(public_fuzzer) at something and looking for a crash…
I wish I had been able to go to Athcon to see this…
Thanks again! The slides and notes show some insight on how to improve your auditing skills, and I just want to deliver knowledge to the people that I collected over the years, of course not everything. I love to hear posts like the one you wrote, drunkode, as it shows me that it is worth doing what I do. Enjoy!
Hello dear kincope …
Thanks … by the way, will you also put the classes online?
King, yesterday I saw your materials. How can I speak with you more privately?
you can mail me at firstname.lastname@example.org
Why can’t you use memcpy to copy the shellcode to the mmap allocated area? Because the stack is randomized? I guess so… then what do the copied gadgets do that is so special in order to copy the shellcode from the stack area? They work like an egghunter or what? Thanks.
It is much more straightforward to use the read PLT entry in order to read in the shellcode from the TCP connection. If the read PLT entry is not available (because of no dynamic linkage, for example) you can use the presented shellcode copier. It copies the shellcode from the ESP register to the new mmapped area (0x10000200) right after the shellcode copier. Yes, it’s because stack addresses are unknown.
Right, read is also an option.
Aha, ok, thanks for clarifying that, mate!