Oct 12, 2011
Our Advanced Windows Exploitation (AWE) live course in Columbia, Maryland is fast approaching, with a start date of October 24. Not only is this the first time we have offered this training outside of BlackHat, it is also the first time we are able to offer a full 5 days of training, and a limited number of seats are still available for this intense course.
Along with the new site and extra day of training, we have also updated one of the modules with a very interesting vulnerability discovered by Chris Rohlf and Yan Ivnitskiy of Matasano Security in June 2011. We decided that this particular vulnerability would make an intriguing case study, so we developed the integer overflow vulnerability into a working Mozilla Firefox exploit that controls an invalid JavaScript Array object index value used to access element properties.
[Image: https://manage.offsec.com/images/awe2011_00.png]
The reduceRight method executes a user-defined callback function once for each element present in the array. Because the array index can be made to point out of bounds, the attacker can pass the address of a fake, sprayed object to the callback function. At this point, code execution can be gained in different ways by triggering a method of the fake object.
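To make the index problem concrete from the defensive side, the following added example (not code from this post or from Firefox) models an array's element store in JavaScript and contrasts a start index that wraps negative with a bounds-checked reduceRight. The function names and the choice of a signed 32-bit index variable are assumptions made for illustration; the post does not show the engine's actual code.

```javascript
// Added illustration, not Firefox source. `store` stands in for the engine's
// element slots; `claimedLength` is the script-controlled length value.
// All function names are hypothetical.

// Start index as a signed 32-bit variable would hold it (assumption).
function startIndexInt32(claimedLength) {
  const len = claimedLength >>> 0;   // ToUint32 on the length
  return (len - 1) | 0;              // wraps negative once len > 2^31
}

// Unchecked walk: lists the slot indices that would be dereferenced.
// Capped at maxSteps so the model terminates.
function uncheckedWalk(claimedLength, maxSteps = 4) {
  const touched = [];
  let i = startIndexInt32(claimedLength);
  for (let n = 0; i !== -1 && n < maxSteps; i--, n++) touched.push(i);
  return touched;
}

// Hardened walk: the index is clamped to the real store size, and the
// callback runs only for elements that are actually present.
function checkedReduceRight(store, claimedLength, callback, initial) {
  const len = Math.min(claimedLength >>> 0, store.length);
  let acc = initial;
  for (let k = len - 1; k >= 0; k--) {
    if (!(k in store)) continue;     // skip holes
    acc = callback(acc, store[k], k);
  }
  return acc;
}

// Constructed sample input: three slots with a hole at index 1, and a
// claimed length just above 2^31.
const sampleStore = [1, , 3];
const sampleLength = 0x80000005;
```

With the sample values, the unchecked model produces only negative indices, none of which fall inside the three-slot store, while the checked version invokes the callback for indices 2 and 0 only.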
Code execution on Windows 7 obviously requires some fun playing with pointers and memory to bypass DEP and ASLR protections, both of which this exploit manages to do.
[Image: https://manage.offsec.com/images/awe2011_01.png]
This promises to be our most exciting AWE class so far. If you would like to learn how to take your exploitation skills to the next level, sign up now while there’s still time and available seats.