ASLR – Page 4 – WindowsTechs.com

Security in memory and between local windows processes over localhost

Posted on November 14, 2019 by Basil

I have a windows application that runs in 2 processes and communicates over localhost network port.

This application can hold secrets, such as a web cookie.

I’m trying to think through the security vulnerabilities.

My impr… Continue reading Security in memory and between local windows processes over localhost→

Disable ASLR inside Docker container

Posted on August 8, 2019 by Ra'Jiska

I am looking to disable ASLR (address space layout randomization) inside a Docker container. Not sure if it is possible. The container is running on Alpine, but from what I understand, ASLR is a Kernel feature and Docker uses the host kern… Continue reading Disable ASLR inside Docker container→

Backdooring PE binary compiled with ASLR

Posted on July 27, 2019 by Kartone

I’m practicing backdooring PE binary compiled with ASLR in a WOW64 environment. The approach is pretty straightforward and basically is something like this:

Find code cave and a hijacking point. In this case, I choose not to patch the en… Continue reading Backdooring PE binary compiled with ASLR→

Does every modern buffer overflow require multiple exploits in end user devices to be utilized?

Posted on July 24, 2019 by John Doe

On modern user oriented devices, such as Android phones, iPhones, PCs(Windows, MacOS, Linux), if there is a remote buffer overflow 0 day, are they only exploitable with the aid of multiple vulnerabilities? An example of this … Continue reading Does every modern buffer overflow require multiple exploits in end user devices to be utilized?→

Shapeshifting Morpheus chip aims to baffle hackers

Posted on July 19, 2019 by John E Dunn

Morpheus aims to make hacking so difficult at microprocessor level that attackers will give up long before they can do any damage. Continue reading Shapeshifting Morpheus chip aims to baffle hackers→

what is "AV" in av->system_mem and what does this line actually return [on hold]

Posted on July 15, 2019 by Surya Teja

what is “AV” in av->system_mem and what value does this line actually return??

Continue reading what is "AV" in av->system_mem and what does this line actually return [on hold]→

Why is Address Space Layout Randomization not effective against the Open SSL Heartbleed Vulnerability?

Posted on June 18, 2019 by AOrona

My understanding is that ASLR randomly arranges the key data areas of a process, and so reading contiguously above a buffer as is done in heartbleed would not be enough to achieve the exploit.

Continue reading Why is Address Space Layout Randomization not effective against the Open SSL Heartbleed Vulnerability?→

Simple buffer overflow trying to leak address of system()

Posted on June 17, 2019 by Bobby Bushay

Code:

#include <string.h>

void vuln(char *arg) {
char buffer[10];
strcpy(buffer, arg);
}

int main( int argc, char** argv ) {
vuln(argv[1]);
return 0;
}

I’ve determined I can input a buffer of 26 … Continue reading Simple buffer overflow trying to leak address of system()→

How to exploit buffer overflow without space after return address?

Posted on June 9, 2019 by hackedd

I’m working on a binary exploitation challenge where the target (ELF/x86_64) has stack canaries, NX and PIE enabled. It implements a simple forking TCP server. After a connection is established, it reads up to 0x420 bytes fro… Continue reading How to exploit buffer overflow without space after return address?→

Buffer overflow return address with null byte, workaround

Posted on April 18, 2019 by mirek

I’m practicing Buffer Overflows using Free Float FTP Server 1.0 on Windows 7 SP 1. I have done simple jmp esp examples on Windows XP, where system DLLs are without rebase or Address Space Layout Randomization (ASLR).

I’m now… Continue reading Buffer overflow return address with null byte, workaround→