Archive for the ‘exploit’ Category

ExploitHub Evolved

July 4, 2017

Knowing when to call it quits or pivot is an important life skill.  Unfortunately, this time has come for ExploitHub.  From the recently updated



Microsoft Exploitability Index

November 5, 2009

Earlier today, this article from ComputerWorld came across my desk. The headline grabbed my attention, since it indicated controversy and disagreement, which of course I’m going to look into. The article, which cites Microsoft’s semi-annual security intelligence report, claims that Microsoft has been right in its vulnerability exploitability predictions only about 27% of the time. Others quoted in the article argue that, since the accuracy is so low, there is no point to the index at all.

They’re obviously missing the point, and I suggest that the premise of even trying to measure the accuracy of such a metric is fundamentally flawed.


The Folly of a Scheduled Patch Release Cycle

December 11, 2008

A number of years ago, Microsoft led the charge by moving away from a dynamic patch release schedule to a monthly patch release schedule, essentially creating an imposed monthly patch cycle for their customers.  Since then, many other vendors have followed suit.  There are opinions and arguments supporting both a release schedule philosophy as well as a release upon completion philosophy, and today I’m going to outline where I stand on the issue.


MS08-033 AVI/MJPG Vulnerability

June 17, 2008

Since last Tuesday (Microsoft Patch Tuesday), I’ve taken a break from coding Application Protocol Simulators (the hot-button item at BreakingPoint right now) and worked on the Security side of the product. I’ve spent almost exactly one week working on a Strike-set for the ms08-033 AVI/MJPG vulnerability. The Strike-set includes 8 Strikes, all of which generate dynamic, randomized, malicious AVI files to attack and trigger the vulnerability. If you’re into vulnerability exploitation technology, you should check out the details over at my employer’s blog.

Context-keyed Payload Encoding Whitepaper

January 28, 2008

Today, my research paper entitled “Context-keyed Payload Encoding” was published in Uninformed Journal vol. 9. If you’re into cutting-edge exploitation technology, you should check it out. This is the research I presented at ToorCon 9 last October.


November 13, 2007

My second Microsoft Patch Tuesday at the new employer was fairly uneventful. This Tuesday there was only one patch rated critical, MS07-061, and as it turns out it was the bug that I had already worked on last week. All I had to do was update my strikes from last week with the new reference and rename them, and our team was essentially done. You can read the details about the patched vulnerability over at the BreakingPoint blog.


October 15, 2007

Last week was Microsoft Patch Tuesday, and for once it actually affected me directly. The team I am part of at my new employer is responsible for reversing out patches such as these, determining the vulnerability that was patched, and developing ways to exploit or otherwise attack the software. From the advisories that were released, I ended up with ms07-055, which detailed a stack overflow in the Kodak Image Viewer, the default image handling application on Windows 2000 systems. After spending most of Tuesday setting up VMware and installing some tools like IDA Pro and BinDiff, I was able to get started.