Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PocketPC exploitation

from [Jose Morales] Network Security [Permanent Link]
Subject: PocketPC exploitation
Date: Wed, 21 Sep 2005 12:46:39 -0400
I would like to contribute to the list a paper i just had published that discusses the vulnerabilities of current virus detectors for pocket pc's, it is scary to think that such simplistic detectors are the current state of the art for such powerfull devices, it leads one to think that the lessons of the past have not been learned, feedback on the paper is appreciated and welcomed, i hope it helps those interested in this area of research feel free to contact me. I should be presenting the paper at the workshop on software security assesment tools, tactics and metrics in long beach california in early november in conjunction with the automated software engineering conference. the paper can be downloaded at

http://www.cs.fiu.edu/~jmora009/

Jose.


********************************************************************************************
Jose Andre Morales
Computer Specialist
Master of Science in Computer Science, FIU 2004
Email: jose@onestopearth.com
********************************************************************************************



From: Nicolas RUFF <nicolas.ruff@gmail.com>
To: "Vuln-Dev@Securityfocus. Com" <vuln-dev@securityfocus.com>
CC: Jerome Athias <jerome.athias@free.fr>
Subject: Re: PocketPC exploitation
Date: Mon, 19 Sep 2005 17:47:14 +0200

> i would like to know if some of you have experience with exploitation of
> PocketPCs and could give me some ways and tools (debugger...).
> since some vulns come ( http://www.securityfocus.com/bid/13807 )
> I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded),
> so a "download and execute"-like shellcode could be amazing...

Pointers to begin with :

- Microsoft Embedded Visual C++, with on-target debugging :
http://www.microsoft.com/downloads/details.aspx?FamilyID=1dacdb3d-50d1-41b2-a107-fa75ae960856&displaylang=en

- Phrack #63 "Hacking Windows CE"
http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt

- And the upcoming IDA Pro 4.9 with Windows CE on-target debugging :
http://www.datarescue.com/idabase/wince/index.htm

Regards,
- Nicolas RUFF
Security researcher @ EADS-CCR


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability, snsadv
Next by Date:  Upcoming Black Hat events announcement, Jeff Moss
Previous by Thread:  [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability, snsadv
Next by Thread:  Re: PocketPC exploitation, Ratter
Indexes:  [Date] [Thread] [Top] [All Lists]