Full Disclosure mailing list archives
Re: New Security paper released
From: "MN Vasquez" <mnv () alumni princeton edu>
Date: Mon, 13 Sep 2004 18:21:31 -0700
While I'm not a coder, I've always heard that it can be dirty work. After reading this paragraph in your paper: " We've used just 10 numbers in this sequence, so our buffer was 1 for alignment and the numbers 1 2 3 4 5 6 7 8 9 1 with shits between them, so....as the number in eip was 2 (32323232) we just reached what we wanted ;)." I now know why buffer overflow coding is not for me. Maybe you reached what you wanted, but umm, speak for yourself... ;-) ----- Original Message ----- From: "shadown" <shadown () gmail com> To: <full-disclosure () lists netsys com>; <bugtraq () securityfocus com>; <vuln-dev () securityfocus com> Sent: Monday, September 13, 2004 4:24 PM Subject: [Full-disclosure] New Security paper released
Hi, I've just released 'Win32 Stack BufferOverFlow Real Life Vuln-Dev Process' paper. Which covers the hole process of vuln-dev, from discovering the bug till exploiting it. You can download it from: http://hack3rs.org/~shadown/Twister/ I hope you'll enjoy it. Cheers, shadown -- Sergio Alvarez Security, Research & Development IT Security Consultant email: shadown () gmail com This message is confidential. It may also contain information that is privileged or otherwise legally exempt from disclosure. If you have received it by mistake please let us know by e-mail immediately and delete it from your system; should also not copy the message nor disclose its contents to anyone. Many thanks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Security paper released shadown (Sep 13)
- Re: New Security paper released MN Vasquez (Sep 13)