Randy Marchany
@randymarchany
8 Nov 2016
Still the best paper on the subject, and 20 years later, the technique works.
Today In Infosec
@todayininfosec
8 Nov 2016
"Smashing The Stack For Fun And Profit" was published by Elias Levy (aka Aleph One) in the hacker zine Phrack.
Hal Pomeranz
@hal_pomeranz
8 Nov 2016
Doesn't work on modern OSes with kernel-based stack protection, e.g. DEP on Windows, Linux 2.6.8+, OpenBSD 3.3+.
Annah Waggoner
@tootsierollpop8
8 Nov 2016
mastropaolo.com/2005/06/04/b…
Hal Pomeranz
@hal_pomeranz
8 Nov 2016
Replying to
@tootsierollpop8
@randymarchany
Right, sure. But the basic technique in Elias' paper is blocked by NX support.
Nov 8, 2016 · 6:09 PM UTC
Randy Marchany
@randymarchany
8 Nov 2016
Replying to
@hal_pomeranz
@tootsierollpop8
Yep, but it works on some IoT with older chipsets.
Hal Pomeranz
@hal_pomeranz
8 Nov 2016
.@randymarchany @tootsierollpop8
First widespread buffer overflow predates Elias' Phrack article by many years. Can you name it?
Randy Marchany
@randymarchany
8 Nov 2016
Replying to
@hal_pomeranz
@tootsierollpop8
Been a while, but does the "echo 0 /proc/sys/kernel/exec-shield" still work?
Annah Waggoner
@tootsierollpop8
8 Nov 2016
Replying to
@hal_pomeranz
When an expert says something, I look it up to learn about it. :)
Hal Pomeranz
@hal_pomeranz
8 Nov 2016
This is sound policy. I endorse it.
Annah Waggoner
@tootsierollpop8
8 Nov 2016
Replying to
@hal_pomeranz
@randymarchany
Wow... this is evil.
trustwave.com/Resources/Spid…