Papers
Memory Retrieval Vulnerabilities - "Memory Retrieval Vulnerabilities" is a presentation prepared by eEye researcher Derek Soeder back in October 2006; however, it never found a suitable home at a conference, so we are just releasing it here. It discusses theoretical coding flaws that could offer an attacker a glimpse into the stack or heap, or possibly arbitrary process memory, thereby allowing the construction of more reliable exploits against a vulnerable process -- even in spite of generic security measures such as /GS and ASLR that rely upon unpredictability. Select real-world examples are provided, including a NETAPI32 (Server Service) vulnerability silently fixed in MS06-040. Notes are included on many of the slides to provide additional details.
[Download - PDF]
PiXiE Presentation - PiXiE is a proof-of-concept network boot virus presented by eEye researcher Derek Soeder in February 2006. It showcases significant improvements on the eEye BootRoot technology while illustrating the dangerous synergy of network boot and Wake-on-LAN. Currently there are no plans to release the code in source or binary form.
[Download - PDF]
Generic Anti-Exploitation Technology for Windows - This paper performs an impartial examination of generic anti-exploitation technology for the Windows platform. Beginning with a brief tour of the most important historical anti-exploitation projects, we then analyse recently introduced security features in Windows XP Service Pack 2 and Windows 2003 Service Pack 1, and summarize the remaining areas of vulnerability. Finally, we discuss the various general approaches taken by third-party technology and also examine some possible future developments.
[Download - PDF]
Remote Windows Kernel Exploitation - Step Into the Ring 0 - Over eight years have passed and almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, a topic that has yet to be touched on publicly is the remote exploitation of Win32 kernel vulnerabilities; a number of kernel vulnerabilities have been published, yet no exploit code has surfaced in the public arena.
[Download - PDF]
Congressional Subcommittee Testimony on Security Threats to Public and Private U.S. Infrastructure - This paper provides the entire testimony that Marc Maiffret, eEye's Chief Hacking Officer, made before the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, at its oversight hearing on "Information Security - Vulnerability Management Strategies and Technology".
[Download - PDF]
Congressional Subcommittee Testimony on the Nation's Infrastructure Systems - This paper provides the entire testimony that Marc Maiffret, eEye's Chief Hacking Officer, made at the oversight hearing on "Cyber-Terrorism: Is the Nation's Critical Infrastructure Adequately Protected?"
[Download - PDF]
Congressional Subcommittee on Government Efficiency, Financial Management And Intergovernmental Relations; Congressman Stephen Horn, R-CA Chairman - This paper provides the entire testimony that Marc Maiffret, eEye's Chief Hacking Officer, made at the Congressional Subcommittee Hearing on: What Can be Done to Reduce the Threats Posed by Computer Viruses and Worms to the Workings of Government?
[Download - PDF]
