Writing Stack Based Overflows on Windows

Part I – Basic Concepts
Part II - Windows Assembly for writing Exploits
Part III - Stack Overflows
Part IV – Shell Code Creation and Exploiting An Application Remotely
Appendix V – Source Code Used In Articles

The articles released this week introduce basic concepts of of memory management, and assembly. Next week the next two articles will be released.

The articles also have a Mini Exercise section, the solutions for which will be provided on November 20th. If you would like us to put your solution in, please send us an email at articles[a-t]securitycompass.com with the subject solution in it. The best solution shall be published as a link here.


Exploiting And Defending Networks: This presentation talks about taking advantage of an application and gaining "Enterprise Administrative Access" to an internal Windows 2003 network behind a firewall. It uses traditional techniques which are still valid on windows 2003 environment.



Exploiting And Defending Web Applications: This presentation talks about taking advantage of improper authentication, authorization, input validation and lost password to gain access to an application and gaining privileged access on a system behind a firewall.



Analyzing Code for Security Defects: This presentation talks about a different technique (from Microsoft) in assigning value to risk when performing threat analysis. Once the threat has been determined it talks about how to perform a focused code review on a large code base. It also covers some basic problems that are typically found when performing code review in C/C++.