Sunday, 18 September 2011

Exploiting format strings @ wu-ftpd 2.6.0 @ Ubuntu 10.04.03 LTS

Some time ago I read this post the-shellcoders-handbook-second-edition at xorl's blog. I decided to get a copy of the book and learn from it as much as I could. However, the book is a bit outdated (as xorl states also in aforementioned post) - it was published in 2006/07. For example in chapter 4 (dealing with format strings exploitation) there is a thorough example of how to perform an attack on wu-ftpd version 2.6.0. A bit excited, I set on working with it. And the "outdatedness" suddenly got in my way...

Thursday, 8 September 2011

Windows minifilters part 2 @ securitymag

Here you can get second article about Windows' minifilters, published in securitymag: securitymag ukrywanie-plikow-w-systemie-windows

Windows minifilters part 1 @ hakin9

Few months ago I had an opportunity to present some material about Windows' filesystem minifilters in online magazine hakin9. I wrote two articles, published in two succeeding editions (February and March 2011). Funny though, right after 02-2011 the magazine changed it's name from hakin9 into securitymag. Still, that was pretty much the same.
Unfortunately, it was written for polish readers, in polish language.
Here you can get first article: Hakin9-2-2011-Minifiltry-Systemu-Windows

TwiLPaper - Twitter Live Wallpaper

Moving on from SeventhGate... straight to Android platform. Published on market. The thing is I have two versions of the app. However, Google it it's Google-ness does not allow me, a programmer from Poland, make pennies in Poland. Of course, I can easily spend money, but not earn, God forbid :) So, as for now, only free version is available. Pro version with additional few options, is still sitting on my HD, waiting for better times.
So here it is: TwiLPaper
Works on all Samsung devices I could test, up to Galaxy S II (nice beast by the way, isn't it).

BTW, I plan to make a short tutorial how to decompile apps from Android Market, basing on my own app, which is not obfuscated :)


Just to keep things organized and up-to-date: my first project shown to public. Of course, it may crash, it may not work properly. Here it is, published some time ago: