Tuesday, December 23, 2008

Uninitialized Memory Project

Recently Daniel Hodson and I have been working extensively on a project regarding the automated discovery of uninitialized variable vulnerabilities. Daniel has been doing a ton of research into the area, and I've been working on an old bug class which I discovered about a year ago and which is related to the subject.

Daniel recently did a talk at Ruxcon 2008 on the topic, which included some details of my bug class and went in depth about the intricacies of exploiting uninitialized memory vulnerabilities and methods which can be employed to discover them in an automated fashion.

Collaboratively we will be publishing a paper which will hopefully be included in the next issue of Phrack. Keep an eye out for updates regarding the project on this blog. I'll be posting more as we get all our research completed and the paper written.