Re: New Security paper released

["MN Vasquez" <mnv () alumni princeton edu>]

While I'm not a coder, I've always heard that it can be dirty work.  After
reading this paragraph in your paper:

" We've used just 10 numbers in this sequence, so our buffer was 1 for
alignment and the numbers 1 2 3 4 5 6 7 8 9 1 with shits between them,
so....as the number in eip was 2 (32323232) we just reached what we wanted
;)."

I now know why buffer overflow coding is not for me.  Maybe you reached what
you wanted, but umm, speak for yourself...

;-)



----- Original Message ----- 
From: "shadown" <shadown () gmail com>
To: <full-disclosure () lists netsys com>; <bugtraq () securityfocus com>;
<vuln-dev () securityfocus com>
Sent: Monday, September 13, 2004 4:24 PM
Subject: [Full-disclosure] New Security paper released


> Hi,
>
>   I've just released 'Win32 Stack BufferOverFlow Real Life Vuln-Dev
> Process' paper.
>   Which covers the hole process of vuln-dev, from discovering the bug
> till exploiting it.
>   You can download it from: http://hack3rs.org/~shadown/Twister/
>   I hope you'll enjoy it.
>   Cheers,
>      shadown
> -- 
> Sergio Alvarez
> Security, Research & Development
> IT Security Consultant
> email: shadown () gmail com
>
> This message is confidential. It may also contain information that is
> privileged or otherwise legally exempt from disclosure. If you have
> received it by mistake please let us know by e-mail immediately and
> delete it from your system; should also not copy the message nor
> disclose its contents to anyone. Many thanks.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html