It gives me great pleasure to announce that, several months after the last release (see The HITB Magazine #6 now available!), the awesome crew (as always, special kudos to Zarul Shahrin) has managed to put together the 7th edition of Hack in the Box Magazine! Without much ado, I will just say that the issue presents some interesting bits about the current global crisis in cyberspace (by Jonathan Kent), extending SQL Injection attacks through buffer overruns (Aditya K Sood, Rohit Bansal and Richard J Enbody), automation of fuzzing and process crash testing with the PMCMA tool (Jonathan Brossard) and a number of other interesting articles and book reviews.
In order for the magazine to function properly, we are in constant need of unique content. If you believe you have some interesting, IT Security-related material to present, and would like to contribute to the project, don’t hesitate to drop us a line (editorial@hackinthebox.org)! We will be more than happy to discuss your idea, help with corrections, or provide any other type of advice :-)
As for the Windows Security section, you can traditionally find an article authored by me, titled Windows Security Hardening Through Kernel Address Protection. The paper briefly describes the problem of revealing potentially sensitive information about the kernel virtual address space to user-mode code, lists the scenarios in which such information might prove useful during practical exploitation, and proposes potential solutions at both the Windows and CPU levels.
Note: The article was written before Windows 8 Developer Preview became available, hence all information presented therein is only applicable up to Windows 7. The new system edition has plenty of new exploit mitigation techniques implemented (e.g. DEP-protected Non-Paged Pools), which can circumvent some of the described concepts. More on new Windows 8 security-oriented technologies coming soon ;)
The magazine can be downloaded from here (HITB-Ezine-Issue-007.pdf, 3.8 MB)
Contents table
Cover Story
What Would We Do Without Enemies (04)
by Jonathan Kent
Database Security
Extending SQL Injection Attacks Using Buffer Overflows – Tactical Exploitation (12)
by Aditya K Sood, Rohit Bansal, Richard J Enbody
Windows Security
Windows Security Hardening Through Kernel Address Protection (20)
by Matthew “j00ru” Jurczyk
Professional Development
CISSP Corner (34)
by Clement Dupuis
Books (38)
Application Security
Beyond Fuzzing: Exploit Automation with PMCMA (42)
by Jonathan Brossard
Network Security
Intrusion as a Service Using SHODAN (50)
by Er. Dhananjay D. Garg
Studies on Distributed Security Event Analysis in Cloud (58)
by Fyodor Yarochkin
Enjoy!
Again, a great article from you inside the ezine!
@ncr: :-)