AthCon 2012 Slides & Notes

Slides & notes for “Uncovering Zero-Days and advanced fuzzing” at AthCon 2012:

Uncovering ZeroDays and advanced fuzzing: the full version as a PDF file

Uncovering ZeroDays and advanced fuzzing SCRIPT: the full script (my notes) as a PDF file


15 thoughts on “AthCon 2012 Slides & Notes”

  1. Excellent stuff! The demo of slowly testing using Perl (how you found the Apache bug) is especially inspiring; it shows a more methodical and better way than just firing $(public_fuzzer) at something and looking for a crash…
    I wish I had been able to go to AthCon to see this…

  2. Thanks again! The slides and notes give some insight into how to improve your auditing skills, and I just want to pass on to people the knowledge that I have collected over the years, though of course not everything. I love to read posts like the one you wrote, drunkode, as it shows me that it is worth doing what I do .. 😀 Enjoy!

  3. Pingback: .:[ d4 n3wS ]:. » How KingCope finds security holes

  4. Why can’t you use memcpy to copy the shellcode to the mmap-allocated area? Because the stack is randomized? I guess so……. Then what do the copied gadgets do that is so special in order to copy the shellcode from the stack area? Do they work like an egghunter or what? Thanks.

    • It is much more straightforward to use the read PLT entry in order to read in the shellcode from the TCP connection. If the read PLT entry is not available (because there is no dynamic linkage, for example) you can use the presented shellcode copier. It copies the shellcode from the ESP register to the newly mmapped area (0x10000200) right after the shellcode copier. Yes, it’s because the stack addresses are unknown.

