InsecureProgramming: hands on exploit development
From: Iván Arce (iarce@core-sdi.com)Date: 07/28/01
- Previous message: supergate@twlc.net: "Re: SERIOUS BUG IN PHPNUKE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <01fe01c116f0$38a71280$2e58a8c0@ffornicario> From: Iván Arce <iarce@core-sdi.com> To: <core.lists.exploit-dev@core-sdi.com> Subject: InsecureProgramming: hands on exploit development Date: Fri, 27 Jul 2001 20:02:33 -0300
Hello
A friend and co-worker (Gerardo Richarte, gera AT corest.com)
has set up a web page with a set of small vulnerable programs.
The idea behind this is to write an exploit for each of them and
while doing so learn a bit (on a hands on experience) about
interesting techniques for exploit development and how to
actually implement those techniques.
Get together all your text files and articles about buffer
overflows, format string bugs and etceteras and go to:
http://community.core-sdi.com/~gera/InsecureProgramming/
plenty of interesting things to exploit, stack and heap overflows,
destructors, signal handlers, function pointers, PLTs, etc.
Gera says hes still working on the page but will benefit a lot
from input and feedback from anyone.
keep your exploits to yourself or post them or discuss about
them or whatever.
cheers,
-ivan
---"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce
CORE SDI Inc. Iván Arce Chief Technology Officer PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A email : iarce@core-sdi.com http://www.core-sdi.com Florida 141 2do cuerpo Piso 7 C1005AAC Buenos Aires, Argentina. Tel/Fax : +(54-11) 4878-CORE (2673)
- Previous message: supergate@twlc.net: "Re: SERIOUS BUG IN PHPNUKE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
