The Latest in IT Security

Posts Tagged ‘aslr’

Exploitation of Java Vulnerabilities

16
Aug
2012

Java SE is a platform-independent programming language. It is used on all operating systems – Windows and *nix-based, which increases the scope of exploiting a security vulnerability in Java. I will examine two critical Java security vulnerabilities exploited in the wild during the last few months.Applets in a sandboxJava applets use a sandbox, which restricts […]

Category General Written by Symantec Security Response Blog 0 Comments

Read more ...

Dissecting Flash with EASE

07
Oct
2011

EASE stands for Experimental ActionScript Emulator, and besides being a pun of debatable quality, it is the in-house tool we at FortiGuard use to analyse malicious Flash samples, unpack obfuscated code (if applicable), and automatically detect heap spraying and JIT spraying (two techniques essential to bypass DEP/ASLR when exploiting a vulnerability). Adobe Flash being nearly […]

Category Security Written by Fortinet Security Blog 0 Comments

Read more ...

Force “ASLR” on Shell Extensions

10
Aug
2011

I’ve written about Shell Extension without ASLR support before. Not only do they open up explorer.exe to ROP attacks, but other applications too, like Adobe Reader and Microsoft Office. You could use EMET to force ASLR on these DLLs, assuming you know which applications load shell extensions. Because shell extensions are not only loaded into […]

Category Security Written by Didier Stevens 0 Comments

Read more ...

« Older Entries
Newer Entries »

Categories

TUESDAY, MAY 07, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments