Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Evolution of security threats and exploits...

From: Haroon Meer <haroon () thinkst com>
Date: Thu, 2 Dec 2010 00:47:36 +0200
Hi

On Wed, Dec 1, 2010 at 9:56 PM, Ryan Sears <rdsears () mtu edu> wrote:

The evolution of threats is something that has always interested me as well.
As far as attacks that are more prevalent now then 5 years ago, I'd have to say both "double free"/"use-after-free" 
and NULL pointer dereferencing are probably the 2 that stand out in my mind the most.


We did some work earlier this year to plot an online, editable
timeline of memory corruption attacks and mitigations.
You can check out (and edit) the timeline here:
http://ilm.thinkst.com/folklore/index.shtml

If you like, you can grab the associated paper/presentations from my
blog: http://blog.thinkst.com/2010/08/blackhat-2010-slides-paper-rest.html

/mh

-- 
Haroon Meer        http://thinkst.com/
Tel: +27 83 786 6637    PGP: http://thinkst.com/pgp/haroon.txt

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: