bulletin MS11-047 [1]
7. *Credits*
This vulnerability was discovered and researched by Nicolas Economou
from Core Security Exploit Writers Team. The publication of this
advisory was coordinated by Fernando Miranda from Core Security
Advisories Team.
detect exploitation attempts.
7. *Credits*
This vulnerability was discovered by Nicolas Economou from Core Security
Technologies. Technical analysis and proof-of-concept tools were
developed by Nicolas Economou and Diego Juarez from Core's Exploit
Writers Team.
[http://go.microsoft.com/fwlink/?LinkId=194552]
7. *Credits*
This vulnerability was discovered by Nicolas Economou from Core
Security Technologies.
8. *Technical Description / Proof of Concept Code*
> * fully supports Python 2.4 through 2.7
> * fully supports Windows XP through Windows 7, 32 and 64 bit editions
> * crash report tool now supports MSSQL (requires pyodbc)
> * now supports downloading debugging symbols from Microsoft (thanks Neitsa!)
> * new tool: sehtest.py (Windows SEH buffer overflow jump address bruteforcer,
> inspired by the same tool by Nicolas Economou)
> * the tutorial is now available in chm and pdf formats
> * now with only one MSI installer for all supported Python versions
> * added support for diStorm 3 (falls back to the old version if not found)
> * now using cerealizer instead of pickle whenever possible
> * added new command to the command line debugger to show the SEH chain
*Credits*
This vulnerability was discovered by Gerardo Richarte while developing an
exploit for vulnerability CVE-2007-1744. The final exploit for both
vulnerabilities was developed by Nicolas Economou, both of them from CORE
IMPACT's Exploit Writing Team (EWT), Core Security Technologies.
*Technical Description / Proof of Concept Code*
While developing an exploit for the CVE-2007-1744 vulnerability [4] the
*Credits*
This vulnerability was discovered and researched by Sebastian Muñiz from
the Core IMPACT Exploit Writers Team (EWT) at Core Security
Technologies. Exploitation was further investigated by Nicolas Economou
also from the Core IMPACT Exploit Writers Team (EWT).
Core would also like to thank Paul Fahey of AusCERT, Gaston Franco and
Patricia Prandini of ArCERT and Art Manion and Chris Taschner of CERT/CC
for their assistance during the vulnerability reporting process.
7. *Credits*
Nicolas Economou from Core Security Technologies discovered and
researched this vulnerability.
8. *Technical Description / Proof of Concept Code*
* fully supports Python 2.4 through 2.7
* fully supports Windows XP through Windows 7, 32 and 64 bit editions
* crash report tool now supports MSSQL (requires pyodbc)
* now supports downloading debugging symbols from Microsoft (thanks Neitsa!)
* new tool: sehtest.py (Windows SEH buffer overflow jump address bruteforcer,
inspired by the same tool by Nicolas Economou)
* the tutorial is now available in chm and pdf formats
* now with only one MSI installer for all supported Python versions
* added support for diStorm 3 (falls back to the old version if not found)
* now using cerealizer instead of pickle whenever possible
* added new command to the command line debugger to show the SEH chain
Nicolas Bareli - Sandboxing based on SECCOMP for Linux kernel
Cesar Cerrudo - Token Kidnapping's Revenge
Cesar Cerrudo - History 0days, Disclosing y otras yerbas
Claudio Criscione - Virtually Pwned: Pentesting VMware
Giovanni Cruz - Atacking VoIP…a paradise!
Nicolas Economou - 2x1 Microsoft Bugs: 'Virtual PC hyper-hole-visor' +
'Windows Creation Vulnerability (MS10-048)'
Gary Golomb - Network-based detection of PE structural anomalies and
linker characteristics
Michael Hudson - Wrong Way, the true story of a Black Hat
Barnaby Jack - Jackpotting Automated Teller Machines
more resilient against forged answer attacks.[9]
While researching the fixes issued by Microsoft in Microsoft's Security
Bulletin MS10-024
[http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx],
published April 13, 2010, Nicolas Economou discovered two vulnerabilities
in Windows SMTP Service and Microsoft Exchange. These vulnerabilities
were fixed by the patches referenced in MS10-024 but were not disclosed
in the vendor's security bulletin and did not have a unique
vulnerability identifier assigned to them. As a result, the guidance and
the assessment of risk derived from reading the vendor's security