justin November 26th, 2008
The Frequency X blog has a writeup on a NULL pointer dereference bug I found a while ago in Firefox. I always find these types of bugs interesting because they require such unique approaches to getting code execution. If you're similarly inclined, you can read the post and follow the details of the exploit process yourself.
mark November 25th, 2008
Two weeks ago I spoke at PacSec on browser exploitation in Vista. Although it was based on the talk Alex and I gave at BlackHat, there was some new material in this talk and a slightly different focus. Specifically, I targeted web languages (in particular .NET and Java) and the implications these languages have on memory corruption-style exploits. Some of the topics covered include “Virtual Shellcode” (writing shellcode in a language such as Java rather than native code in order to bypass DEP), statically located DLLs in web pages (we covered this at BlackHat), and overwriting native stubs in .NET. The slides are now available here for anyone who is interested.