| Subject: | Remote Windows Kernel Exploitation - Step Into the Ring 0 |
|---|---|
| Date: | Thu, 17 Feb 2005 01:00:05 -0800 |
Remote Windows Kernel Exploitation - Step Into the Ring 0

http://www.eeye.com/html/resources/whitepapers/research/index.html

Over 5 years ago my friend and colleague Barnaby Jack wrote a seminal paper that brought a new level of awareness and understanding to Windows based buffer overflow exploitation. What was once a topic considered to be something to be spoken in dark corners is now a critical area of research by software firms wishing to write secure applications.

Times have changed though and so has the vulnerability landscape. The demand for host based security solutions and improved application performance has caused many new software solutions to move more and more of their application code into the kernel. After reviewing various products it is apparent that the same security minded principles being applied to writing secure userland code, are not being enforced or thought-out for kernel based code.

There has been a large increase in vulnerabilities discovered over the last year that affect kernel drivers. There has not however been an increase in awareness around the exploitability and the criticality of these vulnerabilities.

Just as it was five years ago Mr. Jack has written a paper that embarks on a journey into demystifying remote Windows kernel exploitation and settling the debate once and for all.

We hope that writers of kernel code take note and think about how these types of attacks can affect their products. Does the same sort of peer-review, and source code analysis take place for your kernel code? And as researchers are we pushing ourselves hard enough to advance the science of security? Security can be an arms race and we need to be creating this technical awareness, instead of the next worm doing it for us.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities