Penetration Testing mailing list archives
Re: Evolution of security threats and exploits...
From: Haroon Meer <haroon () thinkst com>
Date: Thu, 2 Dec 2010 00:47:36 +0200
Hi On Wed, Dec 1, 2010 at 9:56 PM, Ryan Sears <rdsears () mtu edu> wrote:
The evolution of threats is something that has always interested me as well. As far as attacks that are more prevalent now then 5 years ago, I'd have to say both "double free"/"use-after-free" and NULL pointer dereferencing are probably the 2 that stand out in my mind the most.
We did some work earlier this year to plot an online, editable timeline of memory corruption attacks and mitigations. You can check out (and edit) the timeline here: http://ilm.thinkst.com/folklore/index.shtml If you like, you can grab the associated paper/presentations from my blog: http://blog.thinkst.com/2010/08/blackhat-2010-slides-paper-rest.html /mh -- Haroon Meer http://thinkst.com/ Tel: +27 83 786 6637 PGP: http://thinkst.com/pgp/haroon.txt ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Evolution of security threats and exploits... cribbar (Dec 01)
- RE: Evolution of security threats and exploits... Jarret Raim (Dec 01)
- Re: Evolution of security threats and exploits... Dan Crowley (Dec 01)
- Re: Evolution of security threats and exploits... Shain Singh (Dec 01)
- Re: Evolution of security threats and exploits... Todd Haverkos (Dec 10)
- Re: Evolution of security threats and exploits... cribbar (Dec 11)
- <Possible follow-ups>
- Fwd: Evolution of security threats and exploits... Ryan Sears (Dec 01)
- Re: Evolution of security threats and exploits... Haroon Meer (Dec 01)