Hack in the Box Magazine #7 on the wild, at last

It gives me a great pleasure to announce that after several months past the last release (see The HITB Magazine #6 now available!), the awesome crew (as always, special kudos to Zarul Shahrin) has managed to put up the 7th edition of Hack in the Box Magazine! Without much ado, I will just say that the issue presents some interesting bits about the current global crysis in the cyberspace (by Jonathan Kent), extending SQL Injection attacks through buffer overruns (Aditya K Sood, Rohit Bansal and Richard J Enbody), automation of fuzzing and process crash testing with the PCMCA tool (Jonathan Brossard) and a number of other interesting articles and book reviews.

In order for the magazine to function properly, we are in constant need of unique content. If you believe you have some interesting, IT Security-related material to present, and would like to contribute to the project, don’t hesitate to drop us a line (editorial@hackinthebox.org)! We will be more than happy to consult your idea, help with the correction, or provide with any other type of advice :-)

As for the Windows Security section, you can traditionally find an article authored by me, titled Windows Security Hardening Through Kernel Address Protection. The paper briefly describes the problem of revealing potentially sensitive information about the kernel virtual address space into user-mode code, lists the scenarios in which such information might prove useful during practical exploitation, and proposes potential solutions on both Windows and CPU levels.

Read more

PiXiEServ out for public

A few years back, we’ve been (i.e. j00ru and Gynvael) working on a bootkit-related project (some polish SecDay’09 presentation slides can be found here). One of its basic requirements was the ability to load custom boot-“sectors” from an external host in the local network. Since the publicly available solutions required too much time to be spent on configuration and we didn’t need most of the offered functionality anyway, we decided to create an extremely simplified Preboot Execution Environment (PXE) server on our own, and so PiXiEServ came to be. Actually, a great majority of the source code was written by Gynvael, with only few modifications applied by me.

Although we eventually haven’t managed to complete the said bootkit-related project and the server source code is dated back to October 2009, we’ve now decided that the program and its sources might prove useful to other people playing with the network machine booting mechanism, as well as trying to write their own OS and test it on both virtual and real hardware (without having to worry about getting old school floppies, CDs, etc).

Read more