Dailydave
mailing list archives
Re: Understanding Windows Heap Overflows
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 07 Oct 2005 10:34:52 -0400
If a message bounces or is moderated, just send me an email and I'll crawl through the spam to find it and approve it. I'll go through and do that now though, for completeness [done]. I do have a question for the list, however. There was an academic paper on a nop detection method called "STRIDE". Is this what commercial IDSs are implementing today or do they use something dumber? Which ones use which? Is there an open source version of STRIDE available for testing? They claim very low false positives, but it seems like any email with a lot of A's should trigger it...

Basically, yesterday I wrote a "nop" generation tool - one which we'll be making available through CANVAS World Service, so the algorithm itself is "hidden". But it's kinda hard to test against STRIDE if there is no STRIDE to test against...

-dave
Matt Conover wrote:

Hi All,

Ok I tried twice to send a reply about this Windows heap discussion! First it was bounced because I sent it from an account not subscribed. Then because the message exceeded the 40KB limit. So now, I give up :) I just put my message here:
http://www.cybertech.net/~sh0ksh0k/heap.txt

I included the code I was originally using to do all of our heap exploitation testing for our CanSecWest 2004 presentation. I don't think it was publicly released previously... at least I have no memory of it. But I thought by now someone would have written a really nice comprehensive paper on Windows heap exploitation... but to my surprise no one has yet :(

I forget who said it, but someone in this thread called it the "Conover coalescing technique".... while I'm flattered of course, it's inaccurate. This technique was co-authored with Oded Horovitz. Oded is the one that originally taught me all his cool Windows tricks, so nothing would have been possible without his involvement.

Speaking of Oded... he is a recent father, send him some greets and congrats :)

Matt
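The false-positive question Dave raises about STRIDE (does an email full of capital A's trigger a sled detector?) can be checked on a small model. The code below is an added example for this archive page; it is not from the post, from Immunity, or from the STRIDE paper. It compares the "dumber" check (a long run of one byte value) with a simplified model of the STRIDE idea (a window that decodes as valid instructions from every offset). The instruction-length table is a toy covering only a few x86 opcodes; a real STRIDE implementation uses a full disassembler, and the window and threshold sizes are assumptions. All sample buffers are constructed inline.

```python
# Added example (not from the Dailydave post): a naive repeated-byte sled
# heuristic beside a simplified STRIDE-style check (valid decoding from every
# offset of a window). Detection-side illustration only.
from collections import Counter

def toy_insn_length(buf, pos):
    """Toy x86 decoder: return the length of the instruction at buf[pos], or
    None if this toy does not model the opcode. Only a handful of opcodes are
    covered (assumption); a real implementation needs a full disassembler."""
    op = buf[pos]
    if op == 0x90 or 0x40 <= op <= 0x5F:      # nop, inc/dec r32, push/pop r32
        return 1
    if op == 0x6A or 0x70 <= op <= 0x7F:      # push imm8, jcc rel8
        return 2
    if op == 0x68:                            # push imm32
        return 5
    return None

def decodes_from(buf, start, min_bytes):
    """True if at least min_bytes starting at `start` decode without hitting
    an unknown opcode or running past the end of buf."""
    pos = start
    while pos - start < min_bytes:
        length = toy_insn_length(buf, pos) if pos < len(buf) else None
        if length is None or pos + length > len(buf):
            return False
        pos += length
    return True

def stride_like_detect(buf, window=32, min_bytes=16):
    """STRIDE-style model: flag buf if some window decodes validly from every
    offset that still has min_bytes of room. Sizes are assumed thresholds."""
    for w in range(0, len(buf) - window + 1):
        chunk = buf[w:w + window]
        if all(decodes_from(chunk, off, min_bytes)
               for off in range(window - min_bytes + 1)):
            return True
    return False

def longest_run(buf):
    """Length of the longest run of one identical byte value."""
    best = run = 0
    for i, b in enumerate(buf):
        run = run + 1 if i and buf[i - 1] == b else 1
        best = max(best, run)
    return best

def naive_detect(buf, min_run=32):
    """The 'dumber' check: a long run of a single byte value."""
    return longest_run(buf) >= min_run

def classify(buf):
    """Run both checks on a buffer and report which ones fire."""
    return {"naive": naive_detect(buf), "stride_like": stride_like_detect(buf)}

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "english_text": b"The quick brown fox jumps over the lazy dog. " * 4,
    # Dave's worry: 'A' is 0x41, a one-byte `inc ecx`, so a mail full of A's
    # decodes cleanly from every offset and both checks fire.
    "email_of_As": b"Subject: hi\r\n\r\n" + b"A" * 200,
    "classic_nop_sled": b"\x90" * 128,
    # No byte repeats, so the run-length check is blind to it, yet every byte
    # in 0x40..0x5F is a one-byte instruction and the STRIDE-style check fires.
    "no_repeats": bytes(range(0x40, 0x60)) * 4,
}

if __name__ == "__main__":
    for name, buf in SAMPLES.items():
        most_common_byte, count = Counter(buf).most_common(1)[0]
        print(f"{name:18s} {classify(buf)}  top byte 0x{most_common_byte:02x} x{count}")
```

Running it shows the two checks agree on plain English (neither fires), on a classic 0x90 sled and on the email of A's (both fire, which is the false positive the post suspects), and disagree only on the no-repeats buffer, where the run-length heuristic sees nothing. Whether a production IDS would tune its length thresholds or whitelist text-like data is exactly the question the post leaves open; this toy only makes the trade-off visible.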