Posts

Showing posts from May, 2018

Windows Exploit Development (primer II) : Corrupting Structured Exception Handling and Controlling Memory Pointers

Hi folks, this post is part of a series in which I introduce some good fundamentals in Windows exploit development - basically documenting as I learn it myself!

In this post we are essentially going to find out how our input breaks certain structures in memory, find different ways to crash the program, and discuss the fun things these crashes let us do with our input! Let's get going :)

What you need to get going

Exactly the same as last time!

A Windows virtual machine
Debugging Tools for Windows
Easy MPEG to DVD Burner (copy available on exploit-db)
(optional) the python script payloadgen.py mentioned later on in the post

Corrupting Memory

I assume you've got everything sorted out in terms of debugging the application. If it's broken in (stopped at a breakpoint), you can get it running again by using the "g" (go) command like this:



It should start running unless for some reason it hits another breakpoint. Hit "g" as many times as you need to get the application running smoothly and re…
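The workflow the post describes (feed the target a file of crafted input, crash it under the debugger, then work out which bytes of the input landed in EIP or the SEH record) needs a payload whose every 4-byte window is unique. The payloadgen.py script the post refers to is not reproduced on this page; the block below is an added example, not the author's script, and assumes the same Metasploit-style "Aa0Aa1…" pattern and a target that loads the payload from a file:

```python
"""Cyclic-pattern payload generator and offset finder (added example).

Not the post's payloadgen.py; the file name, the functions and the 20280-byte
default are assumptions. The pattern is the Metasploit-style 'Aa0Aa1Aa2...'
sequence, in which every 4-byte window is unique within one period (20280
bytes), so the four bytes that overwrite a return address or an SEH handler
identify their offset in the input.
"""
from itertools import product
import string
import struct


def cyclic_pattern(length: int) -> bytes:
    """Return `length` bytes of the 'Aa0Aa1Aa2...' pattern."""
    out = bytearray()
    # product() advances the last element fastest: Aa0, Aa1, ..., Aa9, Ab0, ...
    for u, l, d in product(string.ascii_uppercase, string.ascii_lowercase, string.digits):
        out += (u + l + d).encode()
        if len(out) >= length:
            break
    return bytes(out[:length])


def pattern_offset(value, length: int = 20280) -> int:
    """Offset of `value` inside the pattern, or -1 if it is not found.

    `value` is either the 4 raw bytes seen in memory, or the 32-bit value the
    debugger shows in EIP / the SEH handler slot (e.g. 0x41346341). A register
    value is converted to the little-endian byte order it was loaded with.
    """
    if isinstance(value, int):
        value = struct.pack("<I", value)
    return cyclic_pattern(length).find(value)


def write_payload(path: str, length: int) -> int:
    """Write the pattern to `path` (the file handed to the target); return its size."""
    data = cyclic_pattern(length)
    with open(path, "wb") as f:
        f.write(data)
    return len(data)


if __name__ == "__main__":
    # Constructed usage: generate a payload, then map a crash value back to its offset.
    print(write_payload("payload.bin", 5000), "bytes written")
    print("EIP 0x41346341 came from offset", pattern_offset(0x41346341))
```

Once the debugger reports the value in EIP (or the overwritten SEH handler address) after the crash, pass it to pattern_offset to learn how many bytes of input precede the slot you control; the rest of the payload can then be laid out around that offset.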

Windows Exploit Development (primer) : Debugging Threads and Analyzing Memory

Hi folks, I thought it's about time to start blogging about the little experience I have in low-level exploitation and analysis - so here goes. To start off on your Windows exploitation journey you need to get to grips with a tool and some tricks to help you look at your target the right way. In this post I cover some things that may help a ton!

Debugging Threads

To get started you are probably going to need a couple of things sorted out first, namely a simple Windows VM set up with debug tools (tons of tutorials out there on the internet) and a target to exploit:

A Windows VM (Microsoft made them free, which is awesome!)
Windows Debug Tools
A copy of Easy MPEG to DVD Burner from exploit-db

Before we can start crashing programs and controlling EIP we need to make sure we have the right view of the target we are exploiting. The Windows debugger (WinDbg) is actually pretty useful in this regard, so open it up, open the target program and attach the debugger to it like so:




Once you've…

[Software Philosophy] The Hegelian Triad of Software Development

One question that was pretty interesting to think about in recent days was how to explain what an expression of Hegel's Triad (the thesis, antithesis and synthesis of ideas, or more directly the "Abstract - Negative - Concrete") could be as it pertains to the development/engineering of software.


How to Stomach Hegel's Triad 
Hegel was a groundbreaking philosopher who thought up ways to explain our own experience of consciousness and these beasts called "conscious structures" - hyper-organizations of collective conscious experience.

He, in other works, not only critiqued history with regard to how it paints a picture of our own experience of conscious structures (which allows us today to ask questions in a very enlightening way, for instance: "is anonymity the same as it was in ancient Rome?", "did the Mayans have a concept of privacy, and is it different from ours?" etc.) - but is credited with inventing the very idea of …

Toward a critical phenomenology of closed source security

In my critical view, and by the argument made here, I claim that closed sourcing imposes a limitation on everyone's view of the software and on fair determination of its properties. In other words, my argument is essentially that even if closed source achieves ANY property in software, it does so while maintaining a practice that limits fair determination of whether such a property can even be provably achieved. The mere idea that companies who distribute closed source can (from the perspective of users and developers) perform a pantomime convincing people that they ever achieve security at some point (in a way sincerely apologetic to the subjective domain of the user) does not sway my ability to take seriously the lack of actual evidence for any claim (due to the lack of source code as proof, at least!) of achievement of these properties, and the constant and almost publicly accepted complete failure of their security efforts (Mac Root Bug failures, Oracle's notoriously bad patching history e…