Security News #0x73
- The folks over at Trail of Bits have a nice CTF Field Guide. If you are a student looking to get better at this (important!) skill set, then head over there! Just be sure that you give it the time it deserves; they have a lot of material!
- The folks at VUPEN have described in some detail their Pwn2Own attack on Firefox 27 on Windows. The underlying problem, CVE-2014-1512, is a use-after-free vulnerability in how Firefox responds when available memory is low.
- There are lots of places you can go to learn about the basics of binary exploitation. The usual story for buffer overflows (overflow a buffer, add some shellcode, and point the return address at your shellcode) can be found in many books and web sites. What happens with ASLR and NX is more complex and less well covered. Well, the folks at SpiderLabs have a wonderful blog post aimed at new folks who want to see how to bypass NX and ASLR. Definitely worth a read!
- Back in #0x71, we mentioned CVE-2014-0515 and its Metasploit module. Well, the folks at HP have a nice technical analysis of the flaw and of an exploit that is going around for it.
- Brian Krebs has some important reporting on Shockwave Player. It turns out that (at least until very recently) Shockwave includes a version of Adobe Flash that is not only laughably out of date, but also vulnerable to a number of attacks. Ouch.