I've put together a small list of articles that I think are worth reading.
The original aim was to find the articles that described a concept for the first time, together with the articles that developed those concepts further, so that I could form a chronological picture of how things have evolved.
Suggestions for additions are gratefully received.
Buffer overflows:
-----------------
http://insecure.org/stf/mudge_buffer..._tutorial.html How to write buffer overflows, mudge, 1995
http://www.phrack.com/issues.html?issue=49&id=14 Smashing the stack for fun and profit, Aleph One, 1996
http://www.phrack.com/issues.html?issue=55&id=8 The Frame Pointer Overwrite, klog, 1999
http://www.phrack.com/issues.html?issue=55&id=15 win32 buffer overflows, dark spyrit, 1999
Return-into-lib / Return oriented programming:
----------------------------------------------
http://marc.info/?l=bugtraq&m=87602746719512 Getting around non-executable stack (and fix) (First public description of a return-into-libc exploit), Solar Designer, 1997
http://www.phrack.com/issues.html?issue=58&id=4 More advanced ret-into-lib(c) techniques, Nergal, 2001
http://benpfaff.org/papers/asrandom.pdf On the effectiveness of address-space randomization, , 2004
http://www.suse.de/~krahmer/no-nx.pdf Borrowed code chunks exploitation technique, Sebastian Krahmer, 2005
http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf The Geometry of Innocent Flesh on the Bone: Return-into-libc without function calls, Hovav Shacham, 2007
http://www.immunitysec.com/downloads/DEPLIB.pdf Defeating DEP, the Immunity Debugger way, Pablo Solé, 2008
http://www.usenix.org/event/evtwote0.../checkoway.pdf The Case of Return-Oriented Programming and the AVC Advantage, 2009
Heap exploitation:
------------------
http://w00w00.org/files/articles/heaptut.txt w00w00 on heap overflows, Matt Conover, 1999
http://www.phrack.com/issues.html?issue=57&id=8 Vudo - An object superstitiously believed to embody magical powers, Michel "MaXX" Kaempf, 2001
http://www.phrack.com/issues.html?issue=57&id=9 Once upon a free(), anonymous author, 2001
http://www.phrack.com/issues.html?issue=61&id=6 Advanced Doug Lea's malloc exploits, jp, 2003
http://www.derkeiler.com/Mailing-Lis...4-02/0024.html Exploiting the wilderness, Phantasmal Phantasmagoria, 2004
http://www.packetstormsecurity.org/p...aleficarum.txt Malloc Maleficarum, Phantasmal Phantasmagoria, 2005
http://www.phrack.com/issues.html?issue=66&id=6 Yet another free() exploitation technique, huku, 2009
Format string exploitation:
---------------------------
http://crypto.stanford.edu/cs155old/...string-1.2.pdf Exploiting format string vulnerabilities, scut / Team-TESO, 2001
http://www.phrack.com/issues.html?issue=59&id=7 Advances in format string exploitation, gera, 2002
http://www.milw0rm.com/papers/103 An alternative method in format string exploitation, K-sPecial, 2006
Integer overflows:
------------------
http://www.phrack.com/issues.html?issue=60&id=9 Big Loop Integer Protection, Oded Horovitz, 2002
http://www.phrack.com/issues.html?issue=60&id=10 Basic Integer Overflows, blexim, 2002
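As an added illustration of the bug class the two papers above cover (this is my own constructed example, not code from either paper; the record size, the length limit and all function names are arbitrary choices for the demonstration), here are the two classic shapes side by side with their hardened forms: an allocation size that wraps because the multiplication is done before any bounds check, and a signed length that passes a signed comparison and then becomes a huge size_t when handed to memcpy(). The arithmetic is pinned to 32 bits with uint32_t so the wrap is reproducible on 64-bit hosts, and the copy helpers return the length memcpy() would receive rather than actually copying, so nothing is corrupted when you run it.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example, not code from any of the listed papers. The record
   size and the length limit are arbitrary constants chosen for illustration. */
#define RECORD_SIZE 16u
#define MAX_LEN     800

/* Arithmetic overflow in an allocation size. With 32-bit arithmetic,
   count = 0x10000001 gives 0x10000001 * 16 = 0x100000010, which is truncated
   to 0x10: malloc() would hand back a 16-byte block for a request the caller
   believes covers about 268 million records, and the fill loop that follows
   overruns it. */
uint32_t vuln_alloc_size(uint32_t count)
{
    return count * RECORD_SIZE;            /* silently wraps modulo 2^32 */
}

/* Hardened version: test against the bound *before* multiplying, so the
   product is only computed when it is representable. Returns 0 on overflow;
   a zero-record request should not allocate anyway, so 0 is a safe sentinel. */
uint32_t safe_alloc_size(uint32_t count)
{
    if (count > UINT32_MAX / RECORD_SIZE)
        return 0;                          /* would overflow */
    return count * RECORD_SIZE;
}

/* Signedness bug: the bound check is done on a signed int, but the length
   passed to memcpy() is converted to size_t. A negative len is not greater
   than MAX_LEN, so it passes, and then becomes an enormous unsigned count.
   This returns the size_t memcpy() would be given (0 when the check rejects
   the length) instead of performing the copy. */
size_t vuln_copy_len(int len)
{
    if (len > MAX_LEN)
        return 0;                          /* rejected by the check */
    return (size_t)len;                    /* -1 becomes SIZE_MAX here */
}

/* Hardened version: reject negatives explicitly, then compare as unsigned. */
size_t safe_copy_len(int len)
{
    if (len < 0 || (size_t)len > (size_t)MAX_LEN)
        return 0;
    return (size_t)len;
}

int main(void)
{
    printf("vuln_alloc_size(0x10000001) = %u\n", vuln_alloc_size(0x10000001u));
    printf("safe_alloc_size(0x10000001) = %u\n", safe_alloc_size(0x10000001u));
    printf("vuln_copy_len(-1) = %zu\n", vuln_copy_len(-1));
    printf("safe_copy_len(-1) = %zu\n", safe_copy_len(-1));
    return 0;
}
```

The division-based check in safe_alloc_size() is the portable form; on compilers that provide it, `__builtin_mul_overflow()` expresses the same intent with less room for getting the bound wrong.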
Null-ptr dereference:
---------------------
http://cansecwest.com/core05/memory_vulns_delalleau.pdf Large memory management vulnerabilities, Gaël Delalleau, 2005
http://www.uninformed.org/?v=4&a=5&t=pdf Exploiting the Otherwise Non-exploitable on Windows, skape, 2006
http://www.juniper.net/solutions/lit...ite-Attack.pdf Vector rewrite attack, Barnaby Jack, 2007
http://documents.iss.net/whitepapers...e_WP_final.pdf Application-Specific Attacks: Leveraging the ActionScript Virtual Machine, Mark Dowd, 2008
JIT-spray:
----------
http://www.semantiscope.com/research...2010-Paper.pdf Pointer inference and JIT-Spraying, Dion Blazakis, 2010
http://dsecrg.com/files/pub/pdf/Writ...d%20profit.pdf Writing JIT shellcode for fun and profit, Alexey Sintsov, 2010
Other:
------
http://seclists.org/bugtraq/2000/Dec/175 Overwriting the .dtors section, Juan M. Bello Rivas, 2000
http://vxheavens.com/lib/viz00.html Abusing .CTORS and .DTORS for fun 'n profit, Izik, 2006