Posts | Archive

When Angry Birds Attack: Android Edition

It's been about six months since I reported a vulnerability in the Android mobile platform that allowed the unprompted installation of arbitrary applications with arbitrary permissions on a victim's device. While the vulnerability has long been fixed on Android handsets around the world, I've yet to write ...

Stackjacking Your Way to grsec/PaX Bypass

This April at Hackito Ergo Sum in Paris and Immunity's Infiltrate in Miami, Dan Rosenberg and I presented on a technique to exploit grsecurity/PaX-hardened Linux kernels. Read on for a brief overview of our presentation and a link to the full slides and PoC code.


The Stackjacking Technique ...

How I Almost Won Pwn2Own via XSS

No, seriously.

The good: Google has patched a serious vulnerability I discovered in the Android web market.

The bad: Since the Android web market was launched earlier this year, it was possible to remotely install arbitrary applications with arbitrary permissions onto a victim's phone simply by tricking them into ...

Exploiting Stack Overflows in the Linux Kernel

In this post, I'll introduce an exploitation technique for kernel stack overflows in the Linux kernel. Keep in mind this does not refer to buffer overflows on the kernel stack (whose exploitability is well understood), but rather the improper expansion of the kernel stack causing it to overlap with ...

CSAW CTF 2010 Kernel Exploitation Challenge

The finals for NYU Poly's CSAW CTF was this past weekend in New York City. I thought I would post the kernel exploitation challenge I developed for the final round. Feel free to try your hand at solving it!

The Setup

Each team is given unprivileged remote shell access ...

Copyright © 2018 - Jon Oberheide