AthCon 2012 Slides & Notes

Slides & notes for “Uncovering Zero-Days and advanced fuzzing” at AthCon 2012:

- Uncovering ZeroDays and advanced fuzzing: the full version as a PDF file
- Uncovering ZeroDays and advanced fuzzing SCRIPT: the full script (my notes) as a PDF file


13 thoughts on “AthCon 2012 Slides & Notes”

  1. Excellent stuff! The demo of slowly testing using Perl (how you found the Apache bug) is especially inspiring; it shows a more methodical and better way than just firing $(public_fuzzer) at something and looking for a crash…
    I wish I had been able to go to AthCon to see this…

  2. Thanks again! The slides and notes show some insight on how to improve your auditing skills, and I just want to deliver to people the knowledge that I collected over the years, of course not everything. I love to hear posts like the one you wrote, drunkode, as it shows me that it is worth doing what I do .. :D Enjoy!

  3. Pingback: .:[ d4 n3wS ]:. » How KingCope finds security flaws

  4. Why can’t you use memcpy to copy the shellcode to the mmap allocated area? Because the stack is randomized? I guess so… then what do the copied gadgets do that is so special in order to copy the shellcode from the stack area? They work like an egghunter or what? Thanks.

    • It is much more straightforward to use the read PLT entry in order to read in the shellcode from the TCP connection. If the read PLT entry is not available (because of no dynamic linkage, for example) you can use the presented shellcode copier. It copies the shellcode from the ESP register to the new mmapped area (0x10000200) right after the shellcode copier. Yes, it’s because stack addresses are unknown.
