It is already a month since our talk at Black Hat USA 2011. It's time to release the materials.
Slides:
Black Hat USA 2011 - Weapons of Targeted Attack: Modern Document Exploit Techniques (Slides)
Demo videos:
Microsoft Office DEP bypass
New Flash JIT Spraying - 01 - Why you need this trick.
New Flash JIT Spraying - 02 - MS11-050 with NEW Flash JIT Spraying.
New Flash JIT Spraying - 03 - CVE-2010-3333 with NEW Flash JIT Spraying (Flash 11)
Flash Sandbox Bypass - Stealing Gmail Cookie using Document Exploit
HIPS Bypass - 01 - Bypass McAfee HIPS
HIPS Bypass - 02 - Bypass COMODO HIPS
And here are PoC files.
Paper:
Black Hat USA 2011 - Weapons of Targeted Attack: Modern Document Exploit Techniques (Paper)
Sunday, September 4, 2011
Monday, July 25, 2011
Weapons of Targeted Attack: Modern Document Exploit Techniques
Nanika and I will be speaking at Black Hat USA 2011 next week. The presentation will disclose many new document exploit techniques, including our new Flash JIT spraying approach.
Our Flash JIT spraying technique can defeat memory protections, even when EMET has been deployed with all of its mitigations enabled!
Here are two demonstration videos.
(1) MS11-050 with NEW Flash JIT Spraying (IE)
(2) CVE-2010-3333 with NEW Flash JIT Spraying (Office 2010)
Beyond JIT spraying, we will also introduce our Flash AVM fuzzing technique, new tricks to bypass sandbox protection, and new ways to defeat HIPS protection.
See you in Vegas; you are welcome to come and talk to us.
Saturday, June 4, 2011
The Flash JIT Spraying is Back
To celebrate the announcement of Hacks in Taiwan Conference 2011, I would like to publish part of our recent research to share with all document security researchers.
Flash JIT Spraying couldn't work since Flash 10.1. Now we bring it back.
The Flash JIT Spraying is Back
Demonstration:
Welcome to HITCon, welcome to Taiwan.
Thursday, June 2, 2011
Our Presentation in Syscan '10 Singapore
You haven't seen Office vulnerability research for a long time, right?
Syscan 10 - Office is Still Yummy - Nanika TT
Indeed, since Microsoft started adopting exploit mitigation technology in modern operating systems, together with new protection mechanisms such as Protected View and sandboxing, exploiting Office applications has become more and more difficult. However, that hasn't stopped targeted attackers. They have simply shifted their focus to other document applications, such as PDF readers and Flash.
So is Office becoming unbreakable? This presentation shows how we played with Office applications, how we exploited Office with interesting ideas and tricks, and how we dealt with DEP and ASLR.
Pure Hacking and Pure Technology
We are security guys from Taiwan. We find vulnerabilities. We write exploits. We share our thoughts, ideas, and research on this blog.
Nanika & TT, members of CHROOT Security Group
Pure hacking and pure technology. We are not interested in evil stuff.