Vulnerability Development mailing list archives
InsecureProgramming: hands on exploit development
From: Iván Arce <iarce () core-sdi com>
Date: Fri, 27 Jul 2001 20:02:33 -0300
Hello A friend and co-worker (Gerardo Richarte, gera AT corest.com) has set up a web page with a set of small vulnerable programs. The idea behind this is to write an exploit for each of them and while doing so learn a bit (on a hands on experience) about interesting techniques for exploit development and how to actually implement those techniques. Get together all your text files and articles about buffer overflows, format string bugs and etceteras and go to: http://community.core-sdi.com/~gera/InsecureProgramming/ plenty of interesting things to exploit, stack and heap overflows, destructors, signal handlers, function pointers, PLTs, etc. Gera says hes still working on the page but will benefit a lot from input and feedback from anyone. keep your exploits to yourself or post them or discuss about them or whatever. cheers, -ivan --- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce CORE SDI Inc. Iván Arce Chief Technology Officer PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A email : iarce () core-sdi com http://www.core-sdi.com Florida 141 2do cuerpo Piso 7 C1005AAC Buenos Aires, Argentina. Tel/Fax : +(54-11) 4878-CORE (2673)
Current thread:
- InsecureProgramming: hands on exploit development Iván Arce (Jul 28)