Home page logo
/

pen-test logo Penetration Testing mailing list archives

Syscall Proxying: whitepaper and samples release
From: Maximiliano Caceres <core.lists.pentest () core-sdi com>
Date: Tue, 06 Aug 2002 19:13:31 -0300


Syscall Proxying is a powerful technique when staging attacks against code injection vulnerabilities (buffer overflows, user supplied format strings, etc) to successfully turn the compromised host into a new attack vantage point. It can also come handy when "shellcode" customization is needed for a certain attack (calling setuid(0), deactivating signals, etc).

Syscall Proxying can be viewed as part of a framework for developing new penetration testing tools. Developing attacks that actively use the Syscall Proxying mechanism effectively raises their value.


This technique was presented at the Black Hat Briefings USA 2002. The presentation along with a whitepaper and sample tools can be found at:

http://www.corest.com/blackhat2002.htm


salud!
max/

--
Maximiliano Caceres
Product Engineer
CORE SECURITY TECHNOLOGIES

Florida 141 - 2º cuerpo - 7º piso
C1005AAC Buenos Aires - Argentina
Tel/Fax: (54 11) 4878-CORE (2673)
http://www.corest.com


--- for a personal reply use: Maximiliano Caceres <maximiliano.caceres () corest com>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
  • Syscall Proxying: whitepaper and samples release Maximiliano Caceres (Aug 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]