Starting in 2000, operating systems began to support the NX bit and emulations of it. The PaX patch for Linux (which also includes ASLR), ExecShield (Red Hat), W^X (OpenBSD and macOS) and DEP (on Windows, from WinXP SP2) appeared. This protection distinguishes memory page permissions...

In principle it is already clear how we gain control of program flow by leveraging an out-of-bounds write. Let's see what the stack looks like for a function like yesterday's:

    #include <stdio.h>
    #include <string.h>

    void print(char* arg) {
        char buf[128];
        strcpy(buf, arg);   /* no bounds check: an arg longer than 127 bytes overflows buf */
        printf("%s\n", buf);
    }

    int main(int argc, char** argv) {
        if (argc < 2) return 1;
        print(argv[1]);
        return 0;
    }

Ahem,...

For some time I've been reading blogs about exploiting, and it seems that now at last my time has come to change roles. In this blog I will publish posts as a "from scratch" workshop on exploiting, and additionally I will often try to bring examples of vulnerabilities...
