As a security researcher, I’m keen to learn new exploitation techniques and the art of kernel exploitation is no exception. Whilst preparing my slides for 44CON 2013, I was looking for an easy kernel vulnerability to demonstrate. CVE-2013-2171 was a recent vulnerability that was reported in FreeBSD 9.0 which fitted the bill. Continue reading
The purpose of this document is to present a technical report of the CVE-2013-5065 vulnerability. A few days ago, FireEye identified a 0 day kernel exploit embedded within a PDF document actively used in the wild. The vulnerability itself is present in the NDProxy kernel driver. Whilst this is present in all versions of Windows, the vulnerability itself is only present in Windows 2003 and XP. The NDProxy driver is responsible for interfacing NDISWAN and CoNDIS WAN drivers to the TAPI services. Continue reading
Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage. Continue reading
smaSHeM is a System V shared memory segment manipulator. Continue reading
The purpose of this document is to present the second part of a technical report of the CVE-2013-0640 vulnerability targeting Adobe Reader version 9, 10 and 11. It was first spotted in February 2013 and has been used actively in the wild. Continue reading
This document aims to present a technical report of the CVE-2013-0640 vulnerability targeting Adobe Reader version 9, 10 and 11. It was first spotted in February 2013 and has been used actively in the wild. This is the first article of a set. It covers the full detailed analysis of the bug. Continue reading
Presentation on system level vulnerabilities (as given at 44CON 2013). Continue reading
Early this morning, whilst checking my mail, I saw an interesting advisory come out on one of the lists. The fact that it affects AIX 7.1 was particularly interesting because this is the most recent release. Unlike some of the other commercial UNIX vendors, IBM make their security patches nice and accessible, so I decided to take it for a spin. Continue reading
Presentation on auditing and bug hunting on AIX (as given at 44CON 2012). Continue reading
Presentation on exploiting linkers based on my paper (as given at Uncon 0×12 and CRESTCon 2010). Continue reading