Quantcast
Channel: InsanityBit » Exploit
Browsing all 10 articles
Browse latest View live

Another Universal ASLR Bypass Demonstrated

I’ve talked about ASLR issues in the past due to Windows/Linux implementation issues. It’s become more common to see these issues get exploited lately, though still surprisingly few times. The most...

View Article



Pwnium Two – Google Chrome To Hold Another Hacking Contest

Google had so much fun with the Pwnium competition the first time they’ve decided to hold another one. This should be interesting as we’ll get to see if Chrome exploits are really worth 60,000 dollars...

View Article

Java Zero-Day Out In The Wild

Another Java vulnerability is being exploited out in the open internet. It should work against all currently patched versions of Java and there is no patch out for it yet. Without knowing the details...

View Article

I Think It’s About Time Oracle Steps It Up

A lot of websites have started to flat out state that Java needs to be uninstalled on most users computers. And they’re not wrong – Java is exploited a ton and sandbox escape exploits in the JRE can...

View Article

Pwnium2 Is Over – One Exploit And It’s Already Patched

Pwnium2 is Google’s second competition where they challenge hackers to tear into the Chrome browser. The payouts are much larger than the typical bounty program with the highest being 60,000 dollars...

View Article


Security Software Usage Of Mitigation Techniques With Slopfinder

I recently read a post that used static analysis of executable files to see which applications were using DEP/ASLR and to what extent. This inspired me to perform the same analysis with the same tool,...

View Article

Outbound Firewalls Require HIPS

There is a reason why almost any major Firewall that uses outbound filtering also pairs with a HIPS component. It is trivial to bypass an outbound firewall without it. Why, you ask? Because Windows...

View Article

Microsoft’s Security Bounty Program

Microsoft has revealed details on its new bounty program for security research. Unlike a typical bounty program that just pays a researcher for finding a specific vulnerability, Microsoft is offering...

View Article


ExploitShield – Smart AntiExecutable

edit: I want this edit right at the top. ES has apparently stated that they have now (October ’13) added in stage one exploit mitigation techniques. They have provided zero documentation on how these...

View Article


Explanation Of Browser Exploitation

It was requested that I give a plain English explanation of how an attacker compromises a browser. I’m going to try to give a lot of detail in some areas but I will leave specific things out in order...

View Article
Browsing all 10 articles
Browse latest View live




Latest Images