Hack in the Box Magazine #7 on the wild, at last.

Hello,

It gives me great pleasure to announce that, several months after the last release (see The HITB Magazine #6 now available!), the awesome crew (as always, special kudos to Zarul Shahrin) has managed to put together the 7th edition of Hack in the Box Magazine! Without much ado, I will just say that the issue presents some interesting bits about the current global crisis in cyberspace (by Jonathan Kent), extending SQL Injection attacks through buffer overruns (Aditya K Sood, Rohit Bansal and Richard J Enbody), automation of fuzzing and process crash testing with the PMCMA tool (Jonathan Brossard) and a number of other interesting articles and book reviews.

In order for the magazine to function properly, we are in constant need of unique content. If you believe you have some interesting, IT Security-related material to present, and would like to contribute to the project, don’t hesitate to drop us a line (editorial@hackinthebox.org)! We will be more than happy to discuss your idea, help with corrections, or provide any other type of advice :-)

As for the Windows Security section, you can traditionally find an article authored by me, titled Windows Security Hardening Through Kernel Address Protection. The paper briefly describes the problem of revealing potentially sensitive information about the kernel virtual address space to user-mode code, lists the scenarios in which such information might prove useful during practical exploitation, and proposes potential solutions at both the Windows and CPU levels.

Note: The article was written before Windows 8 Developer Preview became available, hence all information presented therein is only applicable up to Windows 7. The new system edition has plenty of new exploit mitigation techniques implemented (e.g. DEP-protected Non-Paged Pools), which can circumvent some of the described concepts. More on new Windows 8 security-oriented technologies coming soon ;)

The magazine can be downloaded from here (HITB-Ezine-Issue-007.pdf, 3.8 MB)

Table of contents

Cover Story

What Would We Do Without Enemies (04)
by Jonathan Kent

Database Security

Extending SQL Injection Attacks Using Buffer Overflows – Tactical Exploitation (12)
by Aditya K Sood, Rohit Bansal, Richard J Enbody

Windows Security

Windows Security Hardening Through Kernel Address Protection (20)
by Matthew “j00ru” Jurczyk

Professional Development

CISSP Corner (34)
by Clement Dupuis

Books (38)

Application Security

Beyond Fuzzing: Exploit Automation with PMCMA (42)
by Jonathan Brossard

Network Security

Intrusion as a Service Using SHODAN (50)
by Er. Dhananjay D. Garg

Studies on Distributed Security Event Analysis in Cloud (58)
by Fyodor Yarochkin

Enjoy!

{ 2 } Comments

  1. ncr | 19-Oct-11 at 18:12:27 | Permalink

    Again, a great article from you inside the ezine!

  2. j00ru | 19-Oct-11 at 23:43:03 | Permalink

    @ncr: :-)

{ 1 } Trackback

  1. [...] Kernel Address Protection article published in Hack in the Box Magazine #7 over a month ago (see HITB #7 on the wild, at last). The paper is now available in a nicely formatted, printer-friendly format. If you missed it then, [...]
