Syscall Proxying is a powerful technique when staging attacks against
code injection vulnerabilities (buffer overflows, user supplied format
strings, etc) to successfully turn the compromised host into a new
attack vantage point. It can also come handy when "shellcode"
customization is needed for a certain attack (calling setuid(0),
deactivating signals, etc).
Syscall Proxying can be viewed as part of a framework for developing new
penetration testing tools. Developing attacks that actively use the
Syscall Proxying mechanism effectively raises their value.
This technique was presented at the Black Hat Briefings USA 2002. The
presentation along with a whitepaper and sample tools can be found at:
http://www.corest.com/blackhat2002.htm
salud!
max/
--
Maximiliano Caceres
Product Engineer
CORE SECURITY TECHNOLOGIES
Florida 141 - 2º cuerpo - 7º piso
C1005AAC Buenos Aires - Argentina
Tel/Fax: (54 11) 4878-CORE (2673)
http://www.corest.com
--- for a personal reply use: Maximiliano Caceres <maximiliano.caceres_at_corest.com>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 07 2002
Intro
