[Noisebridge-discuss] Smashing the stack for fun and... education?

Dr. Jesus j at hug.gs
Tue Aug 4 04:18:41 UTC 2009


On Mon, Aug 3, 2009 at 4:53 PM, Micah Lee<micahflee at gmail.com> wrote:
> Would anyone be into having a weekly Noisebridge meetup to try to
> learn more about buffer overflows and writing code to exploit them? I
> don't think there are many people around who are experts -- I'm
> certainly not -- but I think there's a lot that we can learn if we're
> into it, and I've got a couple ideas. I have enough experience with
> this stuff to be able to explain in limited detail how it all works,
> from sending a malicious buffer to a program, hijacking the flow of
> execution, and executing a payload to hack systems.
>
> We can start with reading Hacking: The Art of Exploitation
> (http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593270070).
> I have a copy, and Noisebridge has a copy too. I've read the first
> couple chapters and it's really good. It comes with an Ubuntu LiveCD
> with a bunch of example code on it, and steps you through writing
> buggy programs and then exploiting them to get root. It's all Linux
> stuff, so if you use a Mac or Windows it would be easy to set up a
> virtual machine to play in.
>
> There are also tons of public exploits for old software on milw0rm and
> other places that we could download to study and try to recreate. We
> could try to find good sources to learn Windows exploitation too. I
> have a little experience with OllyDBG (a Windows debugger), but I'm
> sure there are people/books/websites we could learn a lot more from.
> Also I'd be into trying to write some OS X exploit code.
>
> And of course, it'd be sweet to get everyone using Metasploit, getting
> good at Metasploit, and then writing exploit code as Metasploit
> modules.
>
> Would there be sufficient interest in this kind of group?

I have a talk on the subject of buffer overflows, as well as a small
demonstration application.  If enough people want I can present it
Tuesday at 7.


