InsecureProgramming: hands on exploit development

[Iván Arce <iarce () core-sdi com>]

Hello
 A friend and co-worker (Gerardo Richarte, gera AT corest.com)
 has set up a web page with  a set of small vulnerable programs.

The idea behind this is to write an exploit for each of them and
while doing so learn a bit (on a hands on experience) about
interesting techniques for exploit development and how to
actually implement those techniques.
Get together all your text files and articles about buffer
overflows,  format string bugs and etceteras and go to:

http://community.core-sdi.com/~gera/InsecureProgramming/

plenty of interesting things to exploit, stack and heap overflows,
destructors, signal handlers, function pointers, PLTs, etc.

Gera says hes still working on the page but will benefit a lot
from input and feedback from anyone.

keep your exploits to yourself or post them or discuss about
them or whatever.

cheers,
-ivan

---

"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 Its nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


CORE SDI Inc.
Iván Arce
Chief Technology Officer
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce () core-sdi com
http://www.core-sdi.com
Florida 141 2do cuerpo Piso 7
C1005AAC Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4878-CORE (2673)