All Blog Entries

  1. Evading AV Signatures..Derailing the Antivirus--"vinnu"

    Evading AV Signatures..Derailing the Antivirus

    Author: "vinnu"
    Greetz : Prashant Uniyal, b0nd, Lord Deathstorm, D4rk357, G4H
    Team : Legion Of Xtremers (LOX).

    The perimeter defence (antivirus) is still considered a foolproof measure by most people
    in the virtual world. Such an assumption is fatal and can lead to more sophisticated compromise
    of systems.

    Note: In my last paper, "Heap spray -- Slipping CPU ...
  2. Heap Spray --- Slipping CPU to our pocket--continued

    The above exploit will take nearly a minute to spray the heap. Also study the performance graph of memory and CPU in Task Manager to
    better understand the heap spray technique.

    2. IE iepeers:

    The following code can trigger the vulnerability in iepeers.dll in Internet Explorer:

    <button id='butid' onclick='trigger();' style='display:none'></button>

    <!--place the sprayer ...
  3. Heap Spray --- Slipping CPU to our pocket--by "vinnu"

    Heap Spray --- Slipping CPU to our pocket

    Author : "vinnu"
    Team : "Legion Of Xtremers" (LOXians)
    Greetz : Prashant Uniyal, b0nd, D4rk357, skylined

    Rootkit Information:

    IDE: any text editor
    Language : Javascript
    Targets: Web browsers

    As the name suggests, the heap spray technique sprays heap memory
    with an injection vector.
    Injection Vector: Nop sled + Shellcode ...
  4. Windows Link exploit (shortcut file) race condition tackling--"vinnu"

    Team : Legion Of Xtremers / Garage4Hackers
    author : "vinnu"
    Greetz : Prashant Uniyal, b0nd, D4rk457, and Secfence team.
    Exploit path :
    Exploit by : Ivanlef0u

    Windows Link exploit (shortcut file) race condition tackling

    The .lnk exploit retrieves a DLL from a remote machine and executes it while the icon
    for the shortcut (.lnk file) is resolved.

    The race condition: ...