Reading material
Below is a list of general reading material which you may wish to read over before starting.
Bug class exploitation
Format strings:
- Scut’s formatstring paper (class paper and recommended reading)
- Advances in format string exploitation
- Format bug analysis
- Vulnerabilities in your code - Format Strings
- The Mystery of Format String Exploitation
Heap exploitation
- Once upon a free() - Historical document; later glibc versions have additional checking
- Vudo - An object superstitiously believed to embody magical powers - “”
- Advanced Doug lea’s malloc exploits - “”
- Malloc Maleficarum - Recent glibc malloc exploitation document, should be relevant for blacksun
Frame pointer overwrites
Address space layout randomisation (ASLR) / PaX specific
- Bypassing PaX ASLR protection - somewhat outdated.
- The advanced return-into-lib(c) exploits: PaX case study - “”
- PaX documentation - external link
- Smash the stack - Advanced buffer overflow methods
Execshield documents
- A Solution To Red Hat PIE Protection - external link
- How to Exploit Overflow Vulnerability Under Fedora Core - external link
Stackguard / Stack smashing protection
- Stack Smashing Protection homepage - external link
- Bypassing StackGuard and StackShield
- Four different tricks to bypass StackShield and StackGuard protection
- Defeating compiler-level buffer overflow protection
Hardware protection (e.g. amd64 / NX bit)
Generalised papers / notes / presentations (not always in-depth)
- A Comparison of Buffer Overflow Prevention Implementations and Their Weaknesses
- Spender’s PaX Presentation
- Taking the fun out of smashing the stack
- Practical Unix Security
- PaX Memory Protection - Linux Journal entry
- Advances In Software Attack
Secure computing
- Seccomp announcement - Secure Computing (seccomp) patch announcement (external link)
Got some good additional papers?
If you have some relevant papers that would be suitable for this site, please drop me an email.