BugTraq
Preventing exploitation with rebasing
The only difficulty it presents is getting back to your shellcode. This
can be overcome easily unless you're remapping kernel memory as well.
The kernel holds secrets to finding LoadLibrary and GetProcAddress, and a
jmp esp, which is all you need to make your shellcode dance.

DIGRESSION:
Dave Litchfield says you can call esp. I don't know Dave's
relationships with his registers but this doesn't work if I want
to get my eip on top of my shellcode. Always starts executing a
memory address for me. Maybe if I took esp out to dinner more
often then I could call it instead of having to jump on top of it.
Dave, any suggestions for the wine list?
END DIGRESSION.

There's no silver bullet for security. Security is in a fluid state
always, and will always be so.

-Jove
> Brian Hatch <bugtraq (at) ifokr (dot) org> wrote:
> > People keep saying "but it won't stop everything", and that's true.
> This takes the security versus obscurity argument from the realm of
> personal opinion to one of quantitative statements. We should have a
> similar goal for this discussion.