Past, Present, Future of Windows Exploitation - 3
Source: Internet | Related: java连接池代码 | Editor: 程序博客网 | Time: 2024/06/06 07:25
history of some not so typical windows exploits:
In this section I'm going to archive some of the interesting exploits I have seen; you can learn a lot from them!
1- one of the first real-world HW-DEP bypass exploits, by devcode: here
2- bypassing DEP by returning into HeapCreate, by toto: here
3- first public ASLR bypass exploit using a partial overwrite, by skape: here
4- heap spray and DEP bypass, by skylined: here
5- first public exploit that used ROP to bypass DEP, for the Adobe libTIFF vulnerability: here (in this case an ASLR bypass is possible!)
6- exploit code for bypassing browser memory protections: here
7- Cesar Cerrudo's Token Kidnapping PoCs. PoC for 2k3: here, PoC for 2k8: here
8- Tavis Ormandy's KiTrap0D, an exploit that works from Windows 3.1 to Windows 7. PoC here (the updated Metasploit module is even more interesting!)
9- old MS08-067 Metasploit module, multi-target with DEP bypass. PoC here
10- PHP 6.0 Dev str_transliterate() buffer overflow, NX + ASLR bypass (using ROP and brute-forcing ASLR). PoC here
11- Stephen Fewer's SMBv2 exploit. PoC here
note 1: there are lots of other interesting exploits for the Windows platform; you can find them here and also here.
note 2: I have seen lots of other great and advanced exploits in commercial packages. (They are commercial, so forget them ;) )
===================================================
history of related windows exploitation books !
In this section I'm going to archive some books about Windows exploitation.
1- Exploiting Software: How to Break Code (by Greg Hoglund, Gary McGraw)
2- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (by Mark Dowd, John McDonald)
3- Buffer Overflow Attacks: Detect, Exploit, Prevent (by James C. Foster)
4- Windows Internals (by Mark Russinovich, David A. Solomon, Alex Ionescu)
5- The Shellcoder's Handbook: Discovering and Exploiting Security Holes
(by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta, and Riley Hassell)
6- The Software Vulnerability Guide (by Herbert H. Thompson, Scott G. Chase)
7- Advanced Windows Debugging (by Mario Hewardt, Daniel Pravat)
8- Reversing: Secrets of Reverse Engineering
9- great step-by-step exploit writing tutorials by my friend Peter Van Eeckhoutte:
- Exploit writing tutorial part 1: Stack Based Overflows - here
- Exploit writing tutorial part 2: Stack Based Overflows - jumping to shellcode - here
- Exploit writing tutorial part 3: SEH Based Exploits - here
- Exploit writing tutorial part 3b: SEH Based Exploits - just another example - here
- Exploit writing tutorial part 4: From Exploit to Metasploit - here
- Exploit writing tutorial part 5: speed up basic exploit development - here
- Exploit writing tutorial part 6: Bypassing GS, SafeSEH, SEHOP, HW DEP and ASLR - here
- Exploit writing tutorial part 7: Unicode - from 0x00410041 to calc - here
- Exploit writing tutorial part 8: Win32 Egg Hunting - here
- Exploit writing tutorial part 9: Introduction to Win32 shellcoding - here
He also wrote a cool Immunity Debugger PyCommand called PveFindAddr. I think this Python script is essential for speeding up exploit development, whether you are a newbie or an expert exploit developer, and I found it very useful; it has some cool features like finding instructions for code reuse and ROP, reporting the state of memory protections, and finding the best return address for your situation.
This is not a complete list of exploitation-related books and articles; I just listed those with Windows-specific chapters.
PART III : Future of exploitation
Starring : T.B.A
1- exploitation is not dead and will not die.
2- it will just change and become harder; it also won't be "just for fun" like before.
3- writing reliable exploits will take time, and time == money, and exploit development is now an accepted, specialized job in the security field!
4- fame == money as well (and it is lovely by itself), so you will see other great research in various security fields ;)
5- if you read all of the resources in this post you can be a great exploit developer ;)