[Noisebridge-discuss] Smashing the stack for fun and... education?

Ian ian at slumbrparty.com
Tue Aug 4 01:28:01 UTC 2009


i'm interested in this. i think the jon erickson book you speak of is
mine and it is a first edition (green). i don't know what changes are
in the second edition and if it matters too much. whenever it is,
please count me in. i'm not an expert in this field but have done
similar things before. what ever happened to the thread about getting
an ida pro license for nb? did that ever happen? we may be able to do
all the stuff we need in the beginning with olly?

thanks,

verbal

On Mon, Aug 3, 2009 at 4:53 PM, Micah Lee <micahflee at gmail.com> wrote:
> Would anyone be into having a weekly Noisebridge meetup to try to
> learn more about buffer overflows and writing code to exploit them? I
> don't think there are many people around who are experts -- I'm
> certainly not -- but I think there's a lot that we can learn if we're
> into it, and I've got a couple ideas. I have enough experience with
> this stuff to be able to explain in limited detail how it all works,
> from sending a malicious buffer to a program, hijacking the flow of
> execution, and executing a payload to hack systems.
>
> We can start with reading Hacking: The Art of Exploitation
> (http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593270070).
> I have a copy, and Noisebridge has a copy too. I've read the first
> couple chapters and it's really good. It comes with an Ubuntu LiveCD
> with a bunch of example code on it, and steps you through writing
> buggy programs and then exploiting them to get root. It's all Linux
> stuff, so if you use a Mac or Windows it would be easy to set up a
> virtual machine to play in.
>
> There's also tons of public exploits for old software on milw0rm and
> other places that we could download to study and try to recreate. We
> could try to find good sources to learn Windows exploitation too. I
> have a little experience with OllyDBG (a Windows debugger), but I'm
> sure there are people/books/websites we could learn a lot more from.
> Also I'd be into trying to write some OS X exploit code.
>
> And of course, it'd be sweet to get everyone using Metasploit, getting
> good at Metasploit, and then writing exploit code as Metasploit
> modules.
>
> Would there be sufficient interest in this kind of group?
>
> micah