Syscall Proxying is a powerful technique when staging attacks against code injection vulnerabilities (buffer overflows, user-supplied format strings, etc.) to successfully turn the compromised host into a new attack vantage point. It can also come in handy when "shellcode" customization is needed for a certain attack (calling setuid(0), deactivating signals, etc.).

Syscall Proxying can be viewed as part of a framework for developing new penetration testing tools. Developing attacks that actively use the Syscall Proxying mechanism effectively raises their value.

This technique was presented at the Black Hat Briefings USA 2002. The presentation, along with a whitepaper and sample tools, can be found at:

http://www.corest.com/blackhat2002.htm

cheers!
max/

--
Maximiliano Caceres
Product Engineer
CORE SECURITY TECHNOLOGIES

Florida 141 - 2º cuerpo - 7º piso
C1005AAC Buenos Aires - Argentina
Tel/Fax: (54 11) 4878-CORE (2673)
http://www.corest.com

--- for a personal reply use: Maximiliano Caceres <maximiliano.caceresat_private>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service, which automatically alerts you to the latest security vulnerabilities, please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Aug 07 2002 - 12:13:06 PDT