Every one or two quarters, there’s the one day we all wait for – and that’s when the latest issue of the Hack in the Box Magazine is released :-) Thanks to the hard and awesome work of Zarul Shahrin and the entire editorial crew, we are very excited to announce that the eighth edition is now out and available on the project website. One big change we decided to make due to popular demand is a printer-friendly version of the mag, with a single logical page per physical one, (hopefully) making it significantly easier to read even when you don’t have a spare 24″ screen to use. Also, you can now order an original printed version through HP MagCloud. For more information, see the bottom of http://magazine.hitb.org/. I can’t see the “spread” version available on the website now, but if you’re interested, feel free to ping me for it.
Other than that, there are some quite interesting articles you should definitely check out. Traditionally, I took care of the Windows Security section with an article called “The Story of CVE-2011-2018 Exploitation”. Although the specific Windows kernel vulnerability was very fresh at the time of writing the paper (it was fixed in December 2011) and it’s almost half a year old now, it still required (unabashedly speaking) one of the most sophisticated chains of Windows kernel exploitation techniques I have seen in a long time. The document covers several interesting methods such as kernel pool and stack spraying or the usage of ring-0 virtual address space information leaks used together to create a working Windows XP/Vista/7 privilege escalation proof of concept. If you are into Windows internals and low-level vulnerability exploitation, you will definitely find something for yourself. On a side note, should you know any easier or simpler means of performing any of the discussed exploitation steps, I will be more than happy to hear from you!
As always, the magazine is in need of authorship support. If you believe you have an interesting IT security-related subject and are willing to write an article for us, don’t wait and drop us a line at firstname.lastname@example.org.
The magazine can be downloaded from here (HITB-Ezine-Issue-008.pdf, 2.18 MB)