Current Topic: Miscellaneous

Topic: Miscellaneous
2:10 pm EDT, Apr 2, 2010
Introduction
VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.
VMMap

Exploring Heap-Based Buffer Overflows with the Application Verifier - Security

Topic: Miscellaneous
1:30 pm EDT, Apr 2, 2010
Exploring Heap-Based Buffer Overflows with the Application Verifier
Isolating the root cause of a heap-based buffer overflow can be tricky at best. Thankfully, Microsoft provides a great tool called the Application Verifier, which makes the process significantly gentler.

Exploitation With WriteProcessMemory()

Topic: Miscellaneous
3:01 pm EDT, Mar 31, 2010
This paper introduces yet another function to defeat Windows DEP. It is assumed that the reader is already familiar with buffer overflows on x86, and has a basic understanding of the DEP protection mechanism. The technique discussed in this paper is aimed at Windows XP; however, it should also work on other Windows versions given that the attacker has some way to find the address of the DLL, such as through a memory disclosure, etc. This paper does not address the issue of ASLR, rather it recognizes ASLR as a completely separate problem. The method described here is not conceptually groundbreaking, and is ultimately only as impressive as any other ret-2-lib technique.

egghunt-shellcode.pdf (application/pdf Object)

Topic: Miscellaneous
7:04 pm EDT, Mar 30, 2010
Writing egghunt shellcode by hand
Matt Miller is the fucking man. End. of. story. (Old but still informative).

ShaREing is Caring – Announcing the free BinCrowd community server « blog.zynamics.com

Topic: Miscellaneous
10:10 am EDT, Mar 26, 2010
ShaREing is Caring – Announcing the free BinCrowd community server
By Sebastian Porst
Hi everyone, today at CanSecWest Thomas and I gave a talk where we announced the BinCrowd community server which zynamics makes available to the reverse engineering community for free. BinCrowd is a collaborative reverse engineering tool that can be used by reverse engineers to keep a repository of reverse engineered information and share this information with friends and colleagues.

Hex blog: Using custom viewers from IDAPython

Topic: Miscellaneous
10:07 am EDT, Mar 26, 2010
Using custom viewers from IDAPython
Custom viewers can be used to display arbitrary textual information and can be used in any IDA plugin. They are used in IDA-View, Hex-View, Enum and struct views and the Hex-Rays decompiler. In this blog entry we are going to write an ASM file viewer in order to demonstrate how to create a custom viewer and populate it with colored lines.

Agence nationale de la sécurité des systèmes d’information - Can you still trust your network card ?

Topic: Miscellaneous
10:00 am EDT, Mar 26, 2010
Can you still trust your network card ?
24 March 2010
During the CanSecWest international conference in Vancouver, members of ANSSI (French Network and Information Security Agency) described how an attacker could remotely take full control of a particular network card model. This page gives a summary of the materials that have been presented and aims at answering questions corresponding to this presentation.