2012-04-12:

HITB Magazine #8

HITB Magazine
Just in case you missed it HITB Magazine #8 is out!

http://magazine.hitb.org/
PDF Download link is on the right (~2MB) and in addition you can order a printed copy on the bottom of the page.

I've placed the full Table of Content on the bottom of this post, but personally I would like to recommend one specific article:

The Story of CVE-2011-2018 exploitation by Mateusz "j00ru" Jurczyk

The interesting thing about this article is that it's actually a follow-up on a bug j00ru found while coding the engine for our "Pimp My Crackme" competition (winning) entry. Long story short: at one moment the engine (which is heavily based on x86 segmentation and custom LDT segments) started BSoDing the machine; j00ru found a workaround at that time (so that our crackme would not BSoD the machine) and looked at the issue later. The issue turned out to be a very interesting "priv. escal." in the privilege level switching code (if I remember correctly that is), which required a clever chain of steps to actually be exploited.
Well, you can read all about it in the article :)

The full ToC:

The Exploit Distribution Mechanism in Browser Exploit Packs
by Aditya K Sood, Richard J Enbody and Rohit Bansal

The Story of CVE-2011-2018 exploitation
by Mateusz “j00ru” Jurczyk

Reverse Shell Traffic Obfuscation
by Ben Toews

Jobs and Certifications. Looking at the 2012 Landscape
by Clement Dupuis

Practical Malware Analysis
book by Michael Sikorski and Andrew Honig

The Tangled Web
book by Michał Zalewski

A Bug Hunter’s Diary
book by Tobias Klein, reviewed by Mateusz “j00ru” Jurczyk

Online Security at the Crossroads
by Jonathan Kent

Enjoy! :)

Add a comment:

Nick:
URL (optional):
Math captcha: 1 ∗ 5 + 8 =