
HZV

  • HZV Meeting: March 2010

  • As on every first Saturday of the month, the HZV team will hold a meeting on the premises of Sysdream in Saint Ouen, near Paris. The main theme of this meeting is not yet defined; do not hesitate to contact us if you wish to propose a theme. To register or for information, send an email to meeting@hackerzvoice.net. Admission is free for all, so come in numbers! The HZV staff
  • Advanced analysis of Mac OS X physical memory, by Matthieu Suiche

  • A second VIP has just been confirmed: Matthieu Suiche, who will present a talk on advanced analysis of physical memory under Mac OS X. Matthieu Suiche is a French security researcher specialized in reverse engineering and physical memory forensics. We owe him SandMan as well as Win32dd/Win64dd, two forensic analysis tools. He regularly gives international talks at events such as BlackHat USA, PacSec, ShakaCon, etc.

Analysis of a packer and programming an unpacker

To evade signature-based detection, trojans are often packed using a packer. A packer is a program that compresses, encrypts, and protects executables. So that the executables can still be launched, the packer adds to them a function, a loader, which decompresses and decrypts the executable in memory before handing control back to it. Because signature-based detection is performed on the executable "on disk", i.e. on the file and not in memory when the program is running, the malware's code is encrypted and signature-based detection fails.


Optimization of Blind SQL Injection

SQL code injection flaws are now well known, but blind exploitation techniques are less so. The easy ways to obtain the number of fields used in a SELECT query, or to brute-force field values by dichotomy, are also increasingly found across the pages covering this subject on the Internet. But what about techniques for discovering and recovering data in an unknown environment, when one is unable to determine whether a forged query produced the expected result?


A new method of code injection

Code injection into a process is a technique that has been known for several years in computer security, widely used by many malware, and consequently countered by much anti-malware software. There is, however, a way to circumvent these detections while still injecting a DLL into the memory space of another process, and doing so stealthily, without the anti-malware software noticing.


An analysis of Microsoft Windows Vista's ASLR

Windows Vista includes a new memory protection system called ASLR. Its goal is to prevent buffer overflow attacks in vulnerable programs.


Stack overflow on Windows Vista

In this article we will analyze the ASLR (Address Space Layout Randomization) that has been added to Windows Vista beta 2, and we will see through an example how it is possible to bypass the ASLR to exploit stack overflows on Windows Vista.


Stack overflow on Windows XP SP2

In this other article we will see the protection mechanisms added by Microsoft in Windows XP SP2 to prevent stack overflow exploitation.


Linux_2.6.x_vsyscalls

Advisory - Linux 2.6.x vsyscalls may be used as powerful attack vectors.

[April 13 2005] Keywords: RORIV (ret-onto-ret-into-vsyscalls)
ROJIV (ret-onto-jmp-into-vsyscalls)

Original paper may be found at:
http://www.sysdream.com/
http://www.lse.epita.fr/publications.php

