
Black Hole Exploit Kit – Exploiting Software 01/2012

January 23, 2012


Starting to Write Your Own Linux Schellcode
By Craig Wright

We have seen more and more people become reliant on tools such as Metasploit in the last decade. The ability to use these tools has empowered many and has created a rise in the number of people who can research software vulnerabilities. It has created more security professionals who can not only scan a target for vulnerabilities using a tool such as Nessus, but who can complete tests involving system exploitation and hence validate the results presented to them by a scanner. But this ends when a new application with unexpected calls or controls is found. What do we do when presented with a special case?
This makes it extremely difficult for signature-based systems to stop or detect shellcode created for a specific purpose, and hence more likely that the tester will succeed in testing the vulnerability without other controls interfering. If we remain at this level, we will stop the lower-level attacker but fail to stop more sophisticated attacks.
You will learn how to write your own shellcode, how to fix all the nulls and how to validate your shellcode.

Buffer Overflow Exploitation A to Z (Part 1)
By Praful Agarwal aka Sbeztt

Let us understand the program. The program starts with the declaration of a variable buffer with a storage capacity of 8 characters, followed by a string printed to the user: Please give input. The user is then expected to enter some characters, and the program displays those characters back to the user. Finally, a string is printed stating This is the Normal Working of the Program. As you see in the last three lines of the program, they are coded to display the string I am not called to the user, but as that function is never called by the main function, this will not appear on screen. Wait for the magical powers of Buffer Overflow Exploitation, as the author takes you through it. In the first part of Buffer Overflow Exploitation you will see how memory gets corrupted with the oversized input data, and you will learn a Stack Based Buffer Overflow Exploitation.

Anatomy of the Black Hole Exploit Kit
By Abhijeet Hatekar

The Black Hole exploit kit made a huge impression in 2011 by compromising a large user base across the world. Considering the number of affected victims, it has successfully entered the league of deadly exploit kits like Neosploit and Phoenix.
Like much other powerful malware, Black Hole is developed and maintained from Russia. V1.0 Beta is believed to be the first instance of this predator kind and was available for a $1500/annum subscription. It can also be licensed semi-annually for $1000 and quarterly for $700. Black Hole keeps track of visitor IP addresses and tries to exploit each one only once. If the same IP address tries to connect to the C&C server again, a 404 Not Found page is returned. This makes the analysis a little harder than usual. Abhijeet will show the anatomy of the infamous Black Hole exploit kit, followed by a case study explaining the attack flow. You will learn which three exploits are used in Black Hole.

How to Recover Passwords from a Memory Dump
By Daniel Dieterle

Malware analysis is an amazing field. To be able to grab a memory dump from a live machine and then have the capability to pull useful information from it just amazes the author. Can we find pertinent system settings, and even pull information from them? Were you ever curious about what could be done with a memory dump of an active computer? This article is a short demonstration of how to acquire a memory dump from a running system, and then how to use tools not only to recover the system password hashes from the memory dump, but also to decode them.

The Gentoo Hardened Project: Or How to Minimize Exploits Risks
By Jesus Rivero

Gentoo’s approach to Linux is evidenced in its Philosophy; from there it derives the fact that optimization, flexibility and choice are the keystones of the distribution. Gentoo gives users the tools they need to shape their Gentoo installation to their liking, all while building and compiling software specifically for their hardware architecture, not relying on pre-built binaries compiled by someone else. That is one of the reasons why you will hear users and developers say that Gentoo is a “meta-distribution”: the distribution provides exciting tools that allow users, starting from the same base system, to build highly secure servers, neat desktops, embedded solutions or even a special VDR system. Jesus will show you how to install a Gentoo Hardened system, how to choose the right profile and kernel, and what the major caveats and potential problems are.

Hacking Applets: A Reverse Engineering Approach
By Ronnie Johndas and Nilesh Kuma

Ronnie and Nilesh will discuss a technique that can be used to modify an applet’s Java byte code without having to recompile the applet. They will show the process of reverse engineering an applet that does not have any kind of code obfuscation, string encryption or other code protection techniques employed. You will learn how to patch byte code and perform other kinds of manipulation in the Java class files of the applet. You will also see how to get a signed applet to run in a standalone manner.





Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa