Discovering and exploiting a remote buffer overflow vulnerability in an FTP server – PART 1

Hello all, in this tutorial we will learn how to identify a vulnerability in an FTP server through the process of “Fuzzing” which could lead to a DoS or Buffer Overflow vulnerability identification. In this specific part we will use FTPFuzz to crash FileCOPA and identify a vulnerability in the LIST command.

Read the rest of this entry »

Generating exploits coded in… plain english

Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable.

Read the rest of this entry »