Some of you have undoubtedly heard the big news in the exploit world this week. There is a new Adobe Reader/Acrobat exploit in the wild that bypasses ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), and, most importantly, the sandbox (“Protected Mode“) that was introduced in Adobe Reader X.
- Exploiting Weak Shellcode Hashes to Thwart Module Discovery; or, Go Home, Malware, You’re Drunk!
- Unintended Consequences of Equation Group Malware
- HAVOC – Halting Attacks Via Obstructing Configurations – Part One
- New World Order – When Databases Collide
- Ghost in the Shellcode 2015 Write-up, Forensics 200: “CloudFS”