I'm sorry, but the slides are, again, in Polish (well, the source codes and demo videos don't have Polish in them, mostly because they don't have any text at all). I've been informed that a video from the lecture will available, so I'll take my time and attach English subtitles if anyone will be interested in it (let me know if you are interested).
Anyway, my lecture was about return-oriented exploiting (yep, I've already touched this topic the other day on this blog) - it contained a little history, how does it work, how to make loops and conditional jumps, and also I've presented a small app (for source/binary see below) that scans the memory of a process for usable return-ended instruction sequences (I've named it rta_finder).
The lecture went quite smooth, however I must admit that I was worried that I'll loose my voice - I attended the conference with a cold, and my voice was hoarse - hopefully the organizers gave me a glass of hot water, and in the end I lost my voice after my lecture ;>
Enough of that, the materials are available here:
Slideshow (336kb PDF)
The demos (all of them) (15mb ZIP(AVI)) - they are "synced" with the "DEMO XX" slide in the slideshow.
A single demo - sysday_01.avi (5mb AVI) - DEMO 01 - presenting the vulnerable application
A single demo - sysday_02.avi (5mb AVI) - DEMO 02 - searching for instruction sequences
A single demo - sysday_03.avi (3mb AVI) - DEMO 03 - first exploit (exp1) in action
A single demo - sysday_04.avi (6mb AVI) - DEMO 04 - an unconditional jump under the debugger
Sources, executables (220kb ZIP(CPP,EXE)) - the test application, rta_finder and exploits, all with source code (warning: chaos inside)
And thats all.
P.S. Until today 7 readers have found the pink unicorn on the main page of my blog, good work (I'll attach a full unicorn hall of fame later)!
Sections
- lang: |
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- Debug Log: Internet doesn't work (it was the PSU),
- FAQ: The tragedy of low-level exploitation,
- Solving Hx8 Teaser 2 highlight videos!,
- Gynvael on SECURITYbreak podcast,
- Paged Out! #4 is out,
- I won't be able to attend CONFidence'24 after all :(,
- xz/liblzma: Bash-stage Obfuscation Explained,
- Two of my bookmarklets: image extraction and simple TTS,
- Paged Out! #3 is out,
- My howto script,
- → see all posts on main page
// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris
/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */
Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek
Add a comment: