On Wed, Dec 1, 2010 at 9:56 PM, Ryan Sears <rdsears (at) mtu (dot) edu> wrote:
> The evolution of threats is something that has always interested me as well.
> As far as attacks that are more prevalent now than 5 years ago, I'd have to say both "double free"/"use-after-free" and NULL pointer dereferencing are probably the 2 that stand out in my mind the most.
We did some work earlier this year to plot an online, editable
timeline of memory corruption attacks and mitigations.
You can check out (and edit) the timeline here:
http://ilm.thinkst.com/folklore/index.shtml
If you like, you can grab the associated paper/presentations from my
blog: http://blog.thinkst.com/2010/08/blackhat-2010-slides-paper-rest.html
/mh
--
Haroon Meer http://thinkst.com/
Tel: +27 83 786 6637 PGP: http://thinkst.com/pgp/haroon.txt
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------