Preventing /*exploitation with*/ rebasing

2003-02-06 Thread Riley Hassell
by the security layer that sits > between GetProcAddress and the rest of the virtual world. Who's an authorized caller? Someone who has a "safe" caller address on the stack. If the attacker starts offering instructions to your CPU... kiss your ass goodbye. Research AV/VX trends from the late 80's and early 90's. -R Riley Hassell Security Research Associate eEye Digital Security [DOW]

RE: Preventing exploitation with rebasing

2003-02-05 Thread Riley Hassell
FD2DA7 jmp eax strcpy(buffer,"\xa7\x2d\xfd\x7f"); } -R Also remember to rebase dll data sections. There's a load config table in the section... Riley Hassell Security Research Associate eEye Digital Security > -Original Message- > From: David L

Re: Telnetd AYT overflow scanner

2001-07-25 Thread Riley Hassell
Hah, interesting, if nobody knew already, looks like it affects Win2k's telnet server also. Riley Hassell Network Penetration Specialist eEye Digital Security Get up... and light the world on fire. - Original Message - From: "info" <[EMAIL PROTECTED]> To: <

Re: IDS's, host: headers, and .printer ISAPI overflow as an example

2001-06-11 Thread Riley Hassell
ks. ...kinda like stopping people with funny T-shirts coming through customs... Riley Hassell Vulnerability Developer eEye Digital Security Get up... and light the world on fire.