Windows Exploitation
Buffer Overflow
Stack
Writing Stack Based Overflows on Windows Part I - Basic Concepts Nish Bhalla
Writing Stack Based Overflows on Windows Part II - Windows Assembly for writing Exploits Nish Bhalla
Writing Stack Based Overflows on Windows Part III - Stack Overflows Nish Bhalla
Writing Stack Based Overflows on Windows Part IV - Shell Code Creation and Exploiting An Application Remotely Nish Bhalla
Win32 Buffer Overflows dark spyrit
Windows NT Buffer Overflows From Start to Finish Jason Jordan
Practical SEH exploitation THC
Win32 Stack BufferOverFlow Real Life Vuln-Dev Process Sergio Alvarez
Blind Exploitation of Stack Overflow Vulnerabilities Peter Winter-Smith
Practical Win32 and UNICODE exploitation ?
Heap
Windows Heap Overflow Exploitation anonymous
Windows Heap Overflows using the Process Environment Block (PEB) c0ntex
Windows Heap Overflows Code David Litchfield
Windows Heap Exploitation (Win2KSP0 through WinXPSP2) Conover
MSRPC Heap Overflow - Part I Dave Aitel
MSRPC Heap Overflow - Part II Dave Aitel
Microsoft Windows RPC Security Vulnerabilities LSD
Reliable Windows Heap Exploits ...
Heap Feng Shui in JavaScript Alexander Sotirov
The cross-page overwrite and its application in heap overflows Greg Hoglund
Microsoft ASN.1 remote exploit ?
Exploiting Heap Overflow in Microsoft Messenger Service with msgr07.exe Patti Lawrence
Understanding the heap by breaking it Justin N. Ferguson
Misc
Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT-2000-XP David Litchfield
 
Format String Bug
Windows 2000 Format String Vulnerabilities David Litchfield
 
Shatter Attacks
Win32 Message Vulnerabilities Redux Oliver Lavery
Shattering By Example Moore
win32 Shatter Attacks Moore
Exploiting design flaws in the Win32 API for privilege escalation Foon
Shattering SEH Moore
 
Kernel Vulnerabilities
Attacking the Windows Kernel Jonathan Lindsay
Exploiting Windows Device Drivers Piotr Bania
Remote Windows Kernel Exploitation - Step into the Ring 0 eEye
Windows Local Kernel Exploitation sk
Windows GDI Local Kernel Memory Overwrite Eriksson
Exploiting WDM Audio Drivers Ruben Santamarta
Remote and Local Exploitation of Network Drivers Yuriy Bulygin
 
Shellcode Development
Understanding Windows Shellcode skape
History and Advances in Windows Shellcode sk
Win32 Assembly Components LSD
Technological Step Into Win32 Shellcodes l0rd yup
New generation shellcode using my nooil tricks methods Matthieu Suiche
Writing Small Shellcode Dafydd Stuttard
Post-Exploitation on Windows using ActiveX Controls skape
Kernel-mode Payloads on Windows skape
 
Filters Bypass
Implementing a Custom X86 Encoder skape
Creating Arbitrary Shellcode In Unicode Expanded Strings (The "Venetian" exploit) Chris Anley
Building IA32 'Unicode-Proof' Shellcodes obscou
Context-keyed Payload Encoding I)ruid
 
Protections against exploitation
Description
Generic Anti Exploitation Technology for Windows eEye
Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform David Litchfield
Preventing the Exploitation of SEH Overwrite skape
Analysis of GS protections in Microsoft Windows Vista Ollie Whitehouse
An Analysis of Address Space Layout Randomization on Windows Vista Ollie Whitehouse
Bypass techniques
Stack overflow on Windows XP SP2 Ali Rahbar
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server David Litchfield
Shellcode avoiding stack protections sample Vallez
Bypassing Windows heap protections Nicolas Falliere
Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass Alexander Anisimov
A new way to bypass Windows heap protections Nicolas Falliere
Exploiting Freelist[0] On XP Service Pack 2 Source Brett Moore
Bypassing Windows Hardware-enforced Data Execution Prevention skape
Reducing the Effective Entropy of GS Cookies skape
Bypassing PatchGuard on Windows x64 skape
SEH Overwrites Simplified Aelphaeis Mangarae
 
Misc
Exploiting the Otherwise Non-exploitable on Windows skape
Temporal Return Addresses skape
Advanced Windows Exploitation Dave Aitel
Windows Local Shellcode Injection Cerrudo
MS API function pointers hijacking shinnai
ActiveX - Active Exploitation warlord
Making Windows Exploits More Reliable Immunity