Blog
Oct 12, 2011
Advanced Windows Exploitation Updated
Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching with a start-date of October 24. Not only is the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training and a limited number of seats are still available for this intense course.
2 min read
Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching with a start-date of October 24. Not only is the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training and a limited number of seats are still available for this intense course.
Along with the new site and extra day of training, we have also updated one of the modules with a very interesting vulnerability discovered by Chris Rohlf and Yan Ivnitskiy of Matasano Security in June 2011. We decided that this particular vulnerability would make an intriguing case study so we developed the integer overflow vulnerability into a working Mozilla Firefox exploit, controlling an invalid Javascript Array object index value being used to access element properties.
[image_frame style=”framed_shadow” width=”512″ height=”366″ align=”center”]https://manage.offsec.com/images/awe2011_00.png[/image_frame]
The reduceRight method executes a user defined callback function once for each element present in the array. As you can make the array point out of bounds, the attacker can pass a fake sprayed object address to the callback function. At this point code execution can be gained in different ways triggering a method of the fake object.
Code execution on Windows 7 obviously requires some fun playing with pointers and memory to bypass DEP and ASLR protections, both of which this exploit manages to do.
[image_frame style=”framed_shadow” width=”512″ height=”366″ align=”center”]https://manage.offsec.com/images/awe2011_01.png[/image_frame]
This proves to be our most exciting AWE class so far. If you would like to learn how to take your exploitation skills to the next level, sign-up now while there’s still time and available seats.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
Red Team vs Blue Team in Cybersecurity
Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.
Dec 13, 2024
13 min read
Enterprise Security
Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development
Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.
Dec 13, 2024
4 min read
Enterprise Security
How to Become the Company Top Cyber Talent Wants to Join
Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.
Dec 4, 2024
5 min read