Skip to content

Hack in the Box Magazine #8 available now

Every one or two quarters, there’s the one day we all wait for – and that’s when the latest issue of the Hack in the Box Magazine is released :-) Thanks to the hard and awesome work of Zarul Shahrin and the entire editorial crew, we are very excited to announce that the eight edition is now out available on the project website. One big change we decided to make due to popular demand is a printer-friendly version of the mag, with a single logical page per a physical one, (hopefully) making it significantly easier to read it even when you don’t have a spare 24″ screen to use. Also, you can now order an original printed version through HP MagCloud. For more information, see the bottom of http://magazine.hitb.org/. I can’t see the “spread” version available on the website now, but if you’re interested, feel free to ping me for it.

Other than that, there are some quite interesting articles you should definitely check out. Traditionally, I took care of the Windows Security section with an article called “The Story of CVE-2011-2018 Exploitation”. Although the specific Windows kernel vulnerability was very fresh at the time of writing the paper (it was fixed in December 2011) and it’s almost half a year old now, it still required (unbashedly speaking) one of the most sophisticated chain of Windows kernel exploitation techniques I have seen in a long time. The document covers several interesting methods such as kernel pool and stack spraying or the usage of ring-0 virtual address space information leaks used together to create a working Windows XP/Vista/7 privilege escalation proof of concept. If you are into Windows internals and low-level vulnerability exploitation, you will definitely find something for yourself. On a side note, should you know any easier or simpler means of performing any of the discussed exploitation steps, I will be more than happy to hear from you!

As always, the magazine is in need for authorship support. If you believe you have an interesting IT security-related subject and are willing to write an article for us, don’t wait and drop us a line at editorial@hackinthebox.org.

The magazine can be downloaded from here (HITB-Ezine-Issue-008.pdf, 2.18 MB)

Contents table

Internet Security

The Exploit Distribution Mechanism in Browser Exploit Packs (04)
by Aditya K Sood, Richard J Enbody and Rohit Bansal

Windows Security

The Story of CVE-2011-2018 exploitation (12)
by Mateusz “j00ru” Jurczyk

Network Security

Reverse Shell Traffic Obfuscation (36)
by Ben Toews

CISSP Corner

Jobs and Certifications. Looking at the 2012 Landscape (50)
by Clement Dupuis

From the Bookshelf

Practical Malware Analysis (54)
book by Michael Sikorski and Andrew Honig

The Tangled Web (56)
book by Michał Zalewski

Book Review

A Bug Hunter’s Diary (58)
book by Tobias Klein, reviewed by Mateusz “j00ru” Jurczyk

Internet Security (featured)

Online Security at the Crossroads (60)
by Jonathan Kent

{ 2 } Comments

  1. mgrzeg | 12-Apr-12 at 05:57:13 | Permalink

    Congrats! Good work :) Two months spent on moving from XP to Vista & 7 – wow! – very impressive.

  2. j00ru | 12-Apr-12 at 06:42:44 | Permalink

    Thanks ;-)

{ 3 } Trackbacks

  1. [...] HITB Magazine #8 HITB #8 매거진이 발행되었다. 온라인 상에서 다운로드가 가능하다. [...]

  2. Hack in the Box Magazin 8 erschienen | 2012-04-11 at 15:07:23 | Permalink

    [...] auch eines meiner Lieblingsmagazine, erscheint das Hack in the Box Magazin. Mittlerweile ist das Magazin in der achten Ausgabe erhältlich und beinhaltet mal wieder sehr informative Themen wie: Internet, [...]

  3. [...] convenience. It was previously released in the Hack in The Box Magazine #8 over a month ago (see announcement blog post). In short words, the paper is a guide through the exploitation process of a subtle, yet very [...]

Post a Comment

Your email is never published nor shared. Required fields are marked *