site: scarybeastsecurity.blogspot.com
*bleed, more powerful: dumping Yahoo! authentication secrets with an out-of-bounds read
http://scarybeastsecurity.blogspot.com/2017/05/bleed-more-powerful-dumping-yahoo.html [scarybeastsecurity.blogspot.com]
2017-05-20 18:00
tags:
cloud
exploit
graphics
security
web
Further hardening glibc malloc() against single byte overflows
http://scarybeastsecurity.blogspot.com/2017/05/further-hardening-glibc-malloc-against.html [scarybeastsecurity.blogspot.com]
2017-05-18 17:12
tags:
c
defense
malloc
security
It’s time for a brief foray into memory allocator design.
Black box discovery of memory corruption RCE on box.com
http://scarybeastsecurity.blogspot.com/2017/03/black-box-discovery-of-memory.html [scarybeastsecurity.blogspot.com]
2017-03-30 17:46
tags:
c
cloud
exploit
graphics
library
security
Redux: compromising Linux using... SNES Ricoh 5A22 processor opcodes?!
http://scarybeastsecurity.blogspot.com/2016/12/redux-compromising-linux-using-snes.html [scarybeastsecurity.blogspot.com]
2016-12-13 16:47
tags:
browser
c
cpu
exploit
linux
security
turtles
And so we go again.
TL;DR: full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error. Very full details follow.
Deterministic Linux heap grooming with huge allocations
http://scarybeastsecurity.blogspot.com/2016/12/1day-poc-with-rip-deterministic-linux.html [scarybeastsecurity.blogspot.com]
2016-12-05 20:26
tags:
c
exploit
linux
programming
security
One way we can at least start to advance reliable exploitation is by abusing deterministic behavior for huge allocations in the Linux glibc allocator.
Advancing exploitation: a scriptless 0day exploit against Linux desktops
http://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html [scarybeastsecurity.blogspot.com]
2016-11-22 06:27
tags:
c
exploit
linux
security
Today’s exploit comes courtesy of the FLIC format, one of the “good” gstreamer decoders. Some clever tricks are used to obtain a more predictable execution environment and reliable one-shot exploitation.
This was a fairly ridiculous exploit. But it was worth doing because it’s proof that scriptless exploits are possible, even within the context of decent 64-bit ASLR.
Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads
http://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html [scarybeastsecurity.blogspot.com]
2016-11-16 00:11
tags:
browser
exploit
linux
security
turtles
Follow-up to yesterday’s post about exploiting Linux desktops. If a browser auto-saves sketchy files to locations where buggy indexers read them, bad things happen. Automagically.
The Fedora default desktop install includes a range of fairly obscure media decoders that confer risk but are not necessary for a thorough desktop experience.
Compromising a Linux desktop using... 6502 processor opcodes on the NES
http://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html [scarybeastsecurity.blogspot.com]
2016-11-14 20:39
tags:
best
exploit
linux
security
systems
turtles