Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Leaders in Online Information Security Training » Return Oriented Exploitation (ROP). You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Leaders in Online Information Security Training » Return Oriented Exploitation (ROP)
by Security Reads at 2:35 pm EDT, Apr 14, 2010

For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method. We took the PHP 6.0 Dev str_transliterate() 0Day Buffer Overflow Exploit and ported it to a Windows 2008 Server environment, with DEP on AlwaysOn mode. The general idea is to use carefully calculated jumps to function tails present in executable memory in order to align the stack for a WriteProcessMemory call. This call will copy our shellcode to an executable place in memory, and then jump to it. You can check out the exploit here.


 
 
Powered By Industrial Memetics