Phrack is out.
It was kind of sad regarding the underground quotes.
Personally, I like mayhem’s comment for the French contributors. heh
- Phrack Prophile on The PaX Team
Jesus! Pipacs on Phrack! I bet spender will be soooo sooo happy with this :P Admit it. the_uT’s one was more interesting.
- The Objective-C Runtime: Understanding and Abusing
Once again nemo did it. He explores and exploits Objective C in Mac OS X. Also, his asl_* abuse was pretty neat :)
- Developing a Trojaned Firmware for Juniper ScreenOS Platforms
This article by Graeme was great! It’s one of the very few articles dealing with backdoored image files in network devices. I really liked that!
- Yet another free() exploitation technique
Man… I am flattered! A brilliant Greek from GRHack wrote one of the
best articles of this issue. Thank you hk!
- Persistent BIOS Infection
Core Security shows us the way to BIOS infection. Even though this is not a new concept, they made some remarkable research in this article and it definitely deserves your time.
- Exploiting UMA : FreeBSD kernel heap exploits
Hehe! The popular Greek coder argp and the well known researcher Karl Janmar from signedness wrote an innovative paper about FreeBSD kernel heap exploitation. This is not anything new but they did excellent work in documenting it in great detail. This is clearly the ultimate FreeBSD kernel heap exploitation article I am aware of.
- Exploiting TCP and the Persist Timer Infiniteness
ithilgore and his crazy network stuff… I have to admit that when he told me about that design flaw I was unable to follow. This is an amazing article since it is theoretical, practical and innovative all in one :P Well done ithilgore! :)
- MALLOC DES-MALEFICARUM
The third article in this issue about heap exploitation was written by blackngel. This is another excellent work on heap exploitation which as the author states, its aim is to make practical examples of the classic Malloc Maleficarum. Something like what K-sPecial did this in .aware alpha release. They went far beyond this with this paper!
- A Real SMM Rootkit
This is written by Filip Wecherowski who makes at last, a real SMM rootkit. There has been a lot of hype about SMM rootkits since Phrack #65 article and Blackhat 2008 presentation. This article goes extensively through the details of such rootkits.
- Alphanumeric ARM shellcode
This is written by Yves Younan and Pieter Philippaerts. Forgive me for that but I don’t think this is compared to the rest of the articles of #66. It is still great resource for ARM internals and the undocumented alphanumeric shellcoding in RISC ARM processors. Nevertheless, shellcoding for exotic CPUs is not something really innovative. It is still an amazing article, this is just my opinion in comparison to the rest of the papers.
- Power cell buffer overflow
This article written by BSDaemon talks about CELL exploitation. As I said earlier, even though I love reading/studying such subjects from my geeky side, I found them impractical from my security side. Unless you’re planning to have some PS3 botnet…Anyhow, excellent analysis and great enhancement of the already known exploitation techniques for CELL.
- manual binary mangling with radare
A great new framework for reverse engineering written by pancake. I haven’t studied radare in detail yet but from this article, it seems beautiful.
- Linux Kernel Heap Tampering Detection
If you’re interested in Linux kernel heap exploitation or detection of tampering, this is just a great resource. It is written by Larry H. and explains all of the memory allocators used in Linux kernel in detail. Then it compares their limitations to OpenBSD and NetBSD implementations as well as the recent safe unlinking of Windows. Really cool article. It even deals with subverting SELinux and AppArmor.
- Developing Mac OSX kernel rootkits
Two Swedish guys, ghalen and wowie wrote about OS X rootkits. I don’t know much about OS X and I was surprised to see how easy it really is to code rootkits (in comparison to Linux). Thank you guys for this article :)
- How close are they of hacking your brain?
This is a completely different article written by dahut. It deals with concepts such as injecting content in our brains and similar subjects which I’m not really keen with. Still a really interesting article.
To conclude, in my opinion Phrack #66 is excellent even though it has some sort of “heap exploitation mania” :P Every single article is great. Congratulations to everyone involved to achieve this. On its downside, it didn’t include any “art of exploitation” article which I really liked and there was no “international scenes” article but I am aware of the problems you had to find one. Thank you all for this release :)
P.S.: Semi-irrelevant reply:
<@nemo> ah come on
<@nemo> who is xorl
<@nemo> i know you’re here :(
Indeed… I was there :P