Uninformed: Informative Information for the Uninformed

Vol 9 » 2008.Jan


Bibliography

1
Dowd, M., Mehta, N., McDonald, J. Breaking C++ Applications. https://www.blackhat.com/presentations/bh-usa-07/Dowd_McDonald_and_Mehta/Whitepaper/bh-usa-07-dowd_mcdonald_and_mehta.pdf

2
Durden, Tyler. Bypassing PaX ASLR Protection. July, 2002. http://www.phrack.org/issues.html?issue=59&id=9

3
Howard, Michael. Protecting against Pointer Subterfuge (Kinda!). http://blogs.msdn.com/michael_howard/archive/2006/01/30/520200.aspx

4
Johnson, Richard. Windows Vista: Exploitation Countermeasures. http://rjohnson.uninformed.org/

5
Litchfield, David. Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server. http://www.nextgenss.com/papers/defeating-w2k3-stack-protection.pdf

6
Metasploit. Exploiting the ANI vulnerability on Vista. http://blog.metasploit.com/2007/04/exploiting-ani-vulnerability-on-vista.html

7
Microsoft Corporation. Microsoft Security Bulletin MS05-002. Jan, 2005. http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx

8
Microsoft Corporation. /GS (Buffer Security Check). http://msdn2.microsoft.com/en-us/library/8dbf701c(VS.80).aspx

9
Microsoft Corporation. /SAFESEH (Image has Safe Exception Handlers). http://msdn2.microsoft.com/en-us/library/9a89h429.aspx

10
Microsoft Corporation. A detailed description of the Data Execution Prevention (DEP) feature. http://support.microsoft.com/kb/875352

11
Microsoft Corporation. The LINQ Project. http://msdn2.microsoft.com/en-us/netframework/aa904594.aspx

12
Microsoft Corporation. Phoenix. http://research.microsoft.com/phoenix/

13
Microsoft Corporation. Microsoft Portable Executable and Object File Format Specification. http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/pecoff_v8.doc

14
Microsoft Corporation. Threat Modeling. June, 2003. http://msdn2.microsoft.com/en-us/library/aa302419.aspx

15
PaX Team. ASLR. http://pax.grsecurity.net/docs/aslr.txt

16
Ren, Chris et al. Microsoft Compiler Flaw Technical Note. http://www.cigital.com/news/index.php?pg=art&artid=70

17
Rahbar, Ali. An analysis of Microsoft Windows Vista’s ASLR. Oct, 2006. http://www.sysdream.com/articles/Analysis-of-Microsoft-Windows-Vista's-ASLR.pdf

18
skape, Skywing. Bypassing Windows Hardware-enforced DEP. http://www.uninformed.org/?v=2&a=4&t=sumry

19
skape. Preventing the Exploitation of SEH Overwrites. http://www.uninformed.org/?v=5&a=2&t=sumry

20
skape. Reducing the Effective Entropy of GS Cookies. http://www.uninformed.org/?v=7&a=2&t=sumry

21
Skywing. Vista ASLR is not on by default for image base addresses. http://www.nynaeve.net/?p=100

22
Sotirov, Alexander. Windows Animated Cursor Stack Overflow Vulnerability. March, 2007. http://www.determina.com/security.research/vulnerabilities/ani-header.html

23
Wikipedia. Stack-smashing protection. http://en.wikipedia.org/wiki/Stack-smashing_protection

24
Wikipedia. Address space layout randomization. http://en.wikipedia.org/wiki/ASLR

25
Wikipedia. Static single assignment form. http://en.wikipedia.org/wiki/Static_single_assignment_form

26
University of Wisconsin. Wisconsin Program-Slicing Project's Home Page. http://www.cs.wisc.edu/wpis/html/

27
Whitehouse, Ollie. Analysis of GS protections in Microsoft Windows Vista. http://www.symantec.com/avcenter/reference/GS_Protections_in_Vista.pdf