Generating exploits coded in… plain english

24 11 2009

Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable.

Read the rest of this entry »

Advertisements




Buffer overflow primer review

17 11 2009

Hello all, after a while of not updating my blog, and switching blogs, I decided to finally make a new post after all.

This post will be a review on the video tutorial series “Buffer overflow primer” by Vivek┬áRamachandran.

Read the rest of this entry »





New 0-Day wordpress exploit

20 10 2009

A new wordpress exploit has been discovered just recently creating a buffer overflow that will generate a lot of traffic. And I mean a LOT.

A quick temporary patch is to add these lines into your apache config file.

Read the rest of this entry »





SQLmap video tutorial and SQL injection prevention

20 10 2009

Hi all,

I just finished a small video tutorial on using SQLmap to test your web application for SQL injection and automaticly inject it.

It also shortly goes over preventing SQL injection on your website.

Read the rest of this entry »





Just an update, some interesting stuff, fuzzing, SQL injection, twitter clients, …

18 10 2009

Hi again all,

This is a post about SQL injection, and a twitter client I like to use for those that like twitter.

Read the rest of this entry »





Experiences with Backtrack 4 pre-final and SQL injection tools

16 10 2009

Hello, this is my first post on this blog, or on any blog ever. But I decided that maybe I could contribute to the world through blogs what the blogs contributed to me.

So to start off, I have been giving backtrack 4 pre-final a spin. Very good, especially the fact it’s running on Ubuntu’s kernel, and also makes use of the package manager, ….

Read the rest of this entry »