Dailydave mailing list archives

Re: rootkit.com article

From: Dave Aitel <dave () immunitysec com>
Date: Wed, 28 Jan 2004 14:03:16 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does an off-by-one work? Windows is almost always exploitable that way.
- -dave


wirepair wrote:

| That is definitly a slick technique, too bad it doesn't have
| anything about the format of the string being oddly changed to
| unicode, but not containing the 00's. Problem I'm running into
| right now, kinda hard to overwrite anything useful (seeing as how
| handlers/exception filters are > 7f). -wire
|
| On Tue, 27 Jan 2004 18:29:41 -0500 Dave Aitel
| <dave () immunitysec com> wrote:
|
|> I think its cool how greg hoglund documented some part of canvas
|> that I never did. :>
|>
|> http://www.rootkit.com/newsread.php?newsid=45
|>
|> -dave _______________________________________________ Dailydave
|> mailing list Dailydave () lists immunitysec com
|> http://www.immunitysec.com/mailman/listinfo/dailydave
|
|
| -- Visit Things From Another World for the best comics, movies,
| toys, collectibles and more. http://www.tfaw.com/?qt=wmf
| _______________________________________________ Dailydave mailing
| list Dailydave () lists immunitysec com
| http://www.immunitysec.com/mailman/listinfo/dailydave


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAGAd0zOrqAtg8JS8RAuBhAJ94EuVBcxT4VJIIylKOf9/piPVp7wCfRaRF
dP5+gDNoE4jAXVVsjNcIy9Q=
=BHlA
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

rootkit.com article Dave Aitel (Jan 27)
- Re: rootkit.com article wirepair (Jan 27)
  - Re: rootkit.com article Dave Aitel (Jan 28)
    - Re: rootkit.com article Rodney Thayer (Jan 28)