3 Jul

DEP/ASLR bypass using 3rd party + Clarification

Posted by shahin in advisory, Exploits / BUG Decryption, news | Tags :, , , , , , , , , , , |

hello again to all of our great readers .

is this post we are going to do some clarification also share and drop some random 0day DEP/ASLR bypass using 3rd parties .

due to there is lots of things to say we wrote all the notes as an article called “The Arashi”.

 

Table of content :

===============================================================

Introduction and warning

The Story of Sayonara

First Method: ASLR Bitter

Second Method: Process Explorer

Narly Windbg Extension

Mona / PVEFindAddr

Ropping this fun DLL

First 0day tatsumaki

Second (half) 0day Ikazuchi

Third 0day Sugokunai

Final Note

===============================================================

and finally  here you can download it from  : here

note that the offer in paper will be expire in 10 day so if you are verified and need one of modules let us know .

as always feel free to contact us : info [at] abysssec.com

and also follow @abysssec in twitter

 

One Response to this post.

  1. Posted by Universal DEP/ASLR bypass with msvcr71.dll and mona.py | Corelan Team on 03.07.11 at 2:34 pm

    [...] by the Metasploit bounty "incident", the fact that Abysssec published a post/document just a few hours ago, and because Immunity already released the routine, I decided to take a look [...]

Categories

Blogroll

  • Alexander Sotirov
  • Exploit Database
  • Hex-Rays Blog
  • Kostya Kortchinsky
  • Nicolas waisman
  • Offensive-Security blog
  • Peter Van Eeckhoutte
  • SkyLined Blog

Get Adobe Flash player