Collaborate Disseminate
Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a statemen… Continue reading Stack Overflow Discloses Digital Attack against Production Systems
Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident.
Stack Overflow, one of the largest question and answer site for programmers, revealed… Continue reading Hackers Breach Stack Overflow Q&A Site, Some Users’ Data Exposed
To understand this question, it is very important that you first read (or skim) this question. Please do this before continuing. Thanks!
What does this mean?
Continue reading What are the security implications of SE logging sites you visit? [on hold]
I have made a little toy program, compiled with ALSR disabled, that I want to exploit using stack-based buffer overflow:
// gcc stackexec0x1.c -Wl,-z,execstack -no-pie -fno-stack-protector -o stackexec0x1
#include <stdli… Continue reading Cannot exploit stack-based buffer overflow with ASLR-disabled, since RSP differs heavily between executions?
With return-oriented programming, when we fill a buffer with the stack contents (arguments and return addresses) for the function calls we plan on “injecting,” how do we actually change the stack pointer to point to this buff… Continue reading What is Return-Oriented Programming? [on hold]
In a stack overflow/overwriting attack(which primarily either executes code written to stack or changes flow of program by changing return address), the defenses seem to be marking stack code as “data”, so it can’t be execute… Continue reading Stack overwriting/overflow protection using memory page flags
There is a 32-bit linux application. It’s possible to overwrite EIP easily. I will call this process: “send a string”.
It’s also possible to send about 10000 custom bytes to heap (it’s possible to send a float, and I can sen… Continue reading Need help in exploiting an overflow on Linux [on hold]
Stack Overflow is a hugely popular online forum/Q&A site that many programmers and software developers use to find answers to particular programming problems. Unfortunately, researchers recently found that a considerable portion of the information… Continue reading Popular coding advice doesn’t necessarily equal secure coding advice
I’ve been working on SEH Overwrite Lab from the Exploits 2 course by Corey Kallenberg from Open Security Training.
The environment is Windows XP SP3 32 bit and the programs was compiled with Visual C++ 2008 Express Edition w… Continue reading SEH Overwite Exploit
Stack Overflow and other various sites and tools have made it easy to Google search for solutions — or code snippets — to the easier parts of putting together an app or program for developers, but Aidan Cunniffe wants to take that one automated step further. That’s the premise behind Optic, which gives developers a way […] Continue reading Optic wants to help developers drop boilerplate code into their development flow