Current Topic: Miscellaneous |
|
The REIL language – Part II « blog.zynamics.com |
|
|
Topic: Miscellaneous |
10:20 pm EDT, Jun 22, 2010 |
The REIL language – Part II By Sebastian Porst In the first part of this series I gave a brief overview of the REIL language (Reverse Engineering Intermediate Language), the intermediate language we use in our internal binary code analysis algorithms. I talked about the language in general and what motivated us to create it. In this second part I am going to talk about the REIL instruction set.
The REIL language – Part II « blog.zynamics.com |
|
Topic: Miscellaneous |
1:07 pm EDT, Jun 10, 2010 |
A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day 2010/06/09 by Sebastian Porst I spent the last two days with a friend of mine, Frank Boldewin of reconstructer.org, analyzing the Adobe Reader/Flash 0-day that’s being exploited in the wild this week. We had received a sample of a malicious PDF file which exploits the still unpatched vulnerability (MD5: 721601bdbec57cb103a9717eeef0bfca) and it turned out more interesting than we had expected. Here is what we found:
blog.zynamics.com |
|
Topic: Miscellaneous |
1:06 pm EDT, Jun 10, 2010 |
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
Help and Support Centre is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp", a typical example is provided in the Windows XP Command Line Reference, available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Tavis Strikes Again |
|
Official release of PDF Dissector 1.0 « blog.zynamics.com |
|
|
Topic: Miscellaneous |
11:00 am EDT, Jun 1, 2010 |
Official release of PDF Dissector 1.0 By Sebastian Porst I have talked about PDF Dissector, our new tool for analyzing malicious PDF files, on this blog before. After a few weeks of beta testing we are releasing PDF Dissector 1.0 today.
Official release of PDF Dissector 1.0 « blog.zynamics.com |
|
CLR Team Blog : Automatically Capturing a Dump When a Process Crashes |
|
|
Topic: Miscellaneous |
8:49 am EDT, May 25, 2010 |
Automatically Capturing a Dump When a Process Crashes I recently received the following question from a customer: “During our test runs (which might run for hours), if a process crashes, we’d like to create full memory dumps for later diagnosis. Can I configure the machine to do this automatically?”
CLR Team Blog : Automatically Capturing a Dump When a Process Crashes |
|
Azimuth Security: The Chrome Sandbox Part 1 of 3: Overview |
|
|
Topic: Miscellaneous |
9:12 pm EDT, May 22, 2010 |
The Chrome Sandbox Part 1 of 3: Overview posted by Mark @ 5/20/2010 08:26:00 PM Earlier this year, CanSecWest hosted the popular "Pwn2Own" contest, whereby contestants attempt to exploit vulnerabilities they have discovered in popular software packages. The contest has a strong focus on web browsers, and this year, it didn't disappoint: all of the major web browsers were successfully compromised, with the notable exception of Google's Chrome. I believe Chrome's survival was largely due to its integrated sandbox, which aims to isolate the browser from being able to perform any potentially adverse operations on the system upon which it is running. I have been working with Google for the last several months on Chrome, with one of my major charges being a security review of the sandbox and its related components. Therefore, with Google's blessing, I thought I might take some time here to discuss the basic sandbox architecture, the attack surface, and present a few examples of vulnerabilities I uncovered during my time working on it.
Azimuth Security: The Chrome Sandbox Part 1 of 3: Overview |
|
Security Research & Defense : CDD.dll vulnerability: Difficult to exploit |
|
|
Topic: Miscellaneous |
8:44 pm EDT, May 20, 2010 |
CDD.dll vulnerability: Difficult to exploit Today we released security advisory 2028859 notifying customers of a vulnerability in cdd.dll. We wanted to share more information about the public disclosure, exploitability, attack vectors, and workarounds here to help you understand the risk posed by this publicly-disclosed vulnerability.
Security Research & Defense : CDD.dll vulnerability: Difficult to exploit |
|
Errata Security: Technical details of the Street View WiFi payload controversy |
|
|
Topic: Miscellaneous |
8:41 pm EDT, May 20, 2010 |
Technical details of the Street View WiFi payload controversy Posted by Robert Graham at 12:38 PM The latest privacy controversy with Google is that while scanning for WiFi access-points in their Street View cars, they may have inadvertently captured data payloads containing private information (URLs, fragments of e-mails, and so on).
Errata Security: Technical details of the Street View WiFi payload controversy |
|