Showing 18 results for: Open Source ×

Linux Kernel ROP - Ropping your way to # (Part 2)

Introduction In Part 1 of this tutorial, we have demonstrated how to find useful ROP gadgets and build a privilege escalation ROP chain for our test system (3.13.0-32 kernel - Ubuntu 12.04.5 LTS). We have also developed a vulnerable kernel...

Linux Kernel ROP - Ropping your way to # (Part 1)

Kernel ROP In-kernel ROP (Return Oriented Programming) is a useful technique that is often used to bypass restrictions associated with non-executable memory regions. For example, on default kernels1, it presents a practical approach for bypassing kernel and user address separation...

Signed Ruby Gems: A c7decrypt walk-through

As someone who's responsible for a number of Ruby projects, both open-source and commercially developed, I'm always on the look out for new ways to improve how they are secured and delivered to end-users. The most common method for delivering...

Cracking IKE Mission:Improbable (Part3)

Introduction As discussed in parts 1 and 2 of this series, the most common VPN endpoints (responders) found supporting Aggressive Mode negotiation are Cisco devices. However, they are also almost always supported by a second factor authentication mechanism known as...

Monkey Patching the Matrix

For those of you not familiar with monkey patching, it’s a mechanism to “extend or modify the run-time code of dynamic languages without altering the original source code”. Previously, I demonstrated how monkey patching can modify the logic of a...

Responder 2.0 - Owning Windows Networks part 3

Introduction: The power and flexibility of Responder has grown significantly over the past year. Responder is a powerful and easy-to-use tool for penetration testers looking to highlight and exploit weaknesses in a number of popular default network configurations. In this...

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF possible. To this end, we have deployed Buildbot platforms and revamped regression tests for our different ports to ensure code quality and reliability. But we...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will provide an overview of the challenge and results. Value of Community Testing First of all, I would like to thank all those people that participated...

Vino VNC Server Remote Persistent DoS Vulnerability

Last week, I was making some performance enhancements to the VNC protocol implementations in the TrustKeeper Scanning Engine. Unfortunately, in my mission to "Go Fast!", I managed to trigger a Denial of Service (DoS) vulnerability in Vino. Vino is the...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...

Securing Continuous Integration Services

Summary Over the last couple weeks, I've had the distinct privilege to share some of my research surrounding continuous integration security. The presentation was dubbed "Attacking Cloud Services w/ Source Code" and was presented at both SOURCE Boston 2013 and...