
Publications
2008
November 2008
Common Application Flaws - Presentation
Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP Top 10 and common application flaws.

July 2008
Heaps About Heaps - Presentation .rar archive
Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers. This presentation details entries in the heap header, and explains multiple exploitation techniques including an improved version of the lookaside list attack. As a bonus it also provides a step-by-step example of exploiting a heap-based overflow on Windows 2003, including static addresses that can be used to obtain execution context.

May 2008
Access Through Access - Paper
Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access default tables, SQL injection and Jet vulnerabilities. Builds on the existing publicly available research and has become a concise point of information for hacking Access databases.

April 2008
Increasing The Value Of Penetration Testing - Paper
Increasing The Value Of Penetration Testing - Presentation
Presentation and whitepaper discussing some ways for a customer to increase the value of a penetration test. Explains, from the viewpoint of both parties, what should be expected from each when a penetration test is undertaken. What you should expect as an outcome, and how to get more for your money, are questions answered within.

Publications From The Past
The following are some of the releases authored by team members prior to joining Insomnia Security.

December 2005
Exploiting Freelist[0] On XPSP2 - Presentation
This paper explains techniques for exploiting freelist[0] overwrites to bypass the protection measures introduced with Windows XP Service Pack 2. This leads to exploitation of other functionality within the heap management code to gain execution control after a chunk header has been overwritten.

October 2005
SBDA - Same Bug, Different App - Paper

October 2005
SBDA - Same Bug, Different App - Presentation
This presentation explains trends in the relationships between reported vulnerabilities that researchers should recognise, and that could be used to help speed up the discovery of new vulnerabilities. It includes the methodology that led to the discovery of vulnerabilities such as the fp30reg.dll overflow, the nsiislog.dll overflow, and many more. This is the version shown at Bluehat and includes full presentation notes.

April 2005
Bugger The Debugger - Paper
This whitepaper discusses techniques by which malware can execute code within a debugger during the load period, before control is handed back to the user. These techniques could be used as anti-debugging methods, or to run different code paths if a debugger is detected.

July 2004
0x00 vs ASP File Uploads - Paper
This whitepaper explains how the ASP FileSystemObject can be exploited when uploading a file with a NULL byte included in the filename. This problem arises when data is compared and validated in ASP script but not validated by the underlying lower-level calls.

July 2004
Windows Shatter Attacks - Presentation
Presentation on Windows shatter attacks that was given at the Blackhat conference. This presentation was based on research done while producing the Shattering By Example whitepaper, and includes multiple examples of shatter attacks in various forms.

October 2003
Shattering By Example - Paper
Whitepaper detailing various Windows shatter attacks against multiple Windows controls and API calls.



