http://labs.portcullis.co.uk Labs Portcullis updates. en Labs portcullis Tue, 22 Feb 2011 11:21:22 GMT http://backend.userland.com/rss 60 hhttp://labs.portcullis.co.uk/mg/logo.gif http://labs.portcullis.co.uk Tue, 17 Jun 2008 13:11:17 GMT http://labs.portcullis.co.uk/application/introduction-to-format-strings/ <h2>What?</h2> <p>This presentation tries to cover the basics of format strings exploitation. Starting with an explanation of the legitimate use of Format Strings (Yin) moving onto how programming flaws can be exploited using this technique.</p> <h2>Why?</h2> <p>I spent many months getting my head aorund the nuonces of FS explitation so though I would put together a presentation on all the little things that I though were they key points when coming accross this subject for the first time. This hopefully will&nbsp; act as a good basis for the <a href="/content/more-adventures-in-format-strings/">More Adventures In Format Strings</a> presentation</p> Mon, 14 Apr 2008 15:11:37 GMT http://labs.portcullis.co.uk/application/more-adventures-in-format-strings/ <h2>What?</h2> <p>This presentation covers a method for exploiting format string vulnerabilities which is compared to techniques used for exploiting heap smashes. It does not not cover the basics of the vulnerability because these seem ten a panny.</p> <h2>Why?</h2> <p>Much work has been written about covering the underlying principles of format strings but not much seemed to be written concerning this specific technique. More over is was written to push forward a method and library that can be used to optimise format strings to fit into smaller buffer spaces</p>