chuan85.com
Ψ小川Ψ dě Blog » (C) 2010-2016 ALL RIGHTS TERRY RESERVED.
http://www.chuan85.com/blog
2013-08-14 / Site building. Viewed 1,452 times. Pinned.
2016-05-23 / Study notes. Viewed 10 times. No responses.
2016-01-26 / Study notes. Viewed 26 times. No responses. Under Microsoft's Windows 10 upgrade policy, the first upgrade has to be an in-place upgrade from an activated Windows 8.1/8/7 before the Windows 10 installation is activated for free. Many people planning the upgrade, however, are particular about having a clean system, and quite a few format and reinstall again right after upgrading to Win10, which is a waste of time. Below is a way to skip the upgrade, do a clean install of Win10 and have the system activate automatically. What, you are on XP, or your machine shipped with DOS, and you cannot upgrade to Win10 directly? Go straight to Part 2.
2015-09-09 / Miscellaneous. Viewed 43 times. No responses. After a successful penetration test you usually want the privileges you obtained to last a while longer, so planting backdoors becomes essential. The backdoors usually planted include, but are not limited to, database privileges, web privileges and system user accounts. This post is a primer on some ideas for hiding the common kinds of backdoor.
2015-02-27 / Reposted tutorials. Viewed 91 times. No responses.
justanothergeek.chdir.org
Linux Security, one year later... - Just another geek
http://justanothergeek.chdir.org/2011/01/linux-security-one-year-later
Linux Security, One Year Later. This post (tries to) describe what happened in GNU/Linux security in 2010. What this post is not is a long list of vulnerabilities; some people do that far better. Since this post is (very) long and is syndicated by a few "planets", I will cut it on my feed, even though I know a lot of people dislike this behaviour. Yang: new attacks, new vulnerability classes. In 2009, Tavis Ormandy and Julien Tinnes. A lot of method...
blog.cr0.org
cr0 blog: CVE-2009-2793: Iret #GP on pre-commit handling failure: the NetBSD case
http://blog.cr0.org/2009/09/cve-2009-2793-iret-gp-on-pre-commit.html
A blog about IT security and other geek interests. Wednesday, September 16, 2009. CVE-2009-2793: Iret #GP on pre-commit handling failure: the NetBSD case. A few months ago, Tavis Ormandy and I used, on multiple occasions, the fact that iret can fail with a General Protection (#GP) exception before the processor "commits" to user mode (switches privileges by setting CS); more on this at the upcoming PacSec. The stack will be marked as executable but the code segment limit will not be raised yet: on s...
blog.cr0.org
cr0 blog: November 2009
http://blog.cr0.org/2009_11_01_archive.html
Saturday, November 28, 2009. Virtualization security and the Intel privilege model. Earlier this month, Tavis and I spoke at PacSec 2009 in Tokyo about virtualisation security on Intel architectures, with a focus on CPU virtualisation. We released some details about MS09-033 (CVE-2009-1542), a bug we found in VirtualPC's instruction decoding. We also mentioned two of the awesome bugs found by Derek Soeder in VMware, CVE-2008-4915 and CVE-2008-4279. Virtuali...
blog.cr0.org
cr0 blog: Old school local root vulnerability in pulseaudio (CVE-2009-1894)
http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html
Thursday, July 16, 2009. Old school local root vulnerability in pulseaudio (CVE-2009-1894). Today was chosen as disclosure day for CVE-2009-1894. Tavis Ormandy and I recently used the fact that pulseaudio is set-uid root to bypass Linux's NULL pointer dereference prevention (the restriction on mapping low addresses). That technique relies on a limitation in the Linux kernel, not on a bug in pulseaudio. But we also found one unrelated bug in pulseaudio: getenv("LD_BIND_NOW") {...
blog.cr0.org
cr0 blog: Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692)
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
Thursday, August 13, 2009. Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692). Is RedHat's official mitigation recommendation. Brad Spengler also wrote an exploit for this. The bug triggering is based on our exploit, which leaked to Brad through the private vendor-sec mailing list. He implements the. Map at address zero. EDIT4: if you use Debian or Ubuntu on your machine, I have specifically updated the. EDIT5: Zinx wrote an. And o...
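Both the pulseaudio entry and the proto_ops entry above turn on the same question: will the kernel let a process map the page at address zero, so that a kernel NULL pointer dereference lands on attacker-controlled memory? On Linux the check is the vm.mmap_min_addr sysctl, from which a process holding CAP_SYS_RAWIO is exempt. The probe below is an added example, not code from the cr0 blog or from any of the exploits it discusses; the function names and the three-way verdict are this example's own, and it assumes a Linux procfs. It reads the sysctl, checks the effective capability set, and then actually asks for the mapping, so a practitioner can see which state a machine is in rather than trusting the sysctl alone.

```c
/*
 * Added example (not from the cr0 blog): probe whether this kernel refuses
 * to map the zero page, the mapping a NULL pointer dereference exploit needs.
 * Function names and the verdict strings are this example's own.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Lowest address an unprivileged mmap() may use; -1 if the sysctl is unreadable. */
long read_mmap_min_addr(void)
{
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    long v = -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* 1 if the effective capability set holds CAP_SYS_RAWIO (bit 17), which
 * exempts a process from mmap_min_addr; 0 if not; -1 if undeterminable. */
int has_cap_sys_rawio(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char line[256];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            unsigned long long caps = strtoull(line + 7, NULL, 16);
            result = (int)((caps >> 17) & 1ULL);
            break;
        }
    }
    fclose(f);
    return result;
}

/* Ask for one anonymous, writable page fixed at address 0. Returns 0 if the
 * kernel granted it (the page is unmapped again before returning), otherwise
 * the errno it refused with; EPERM is mmap_min_addr doing its job. */
int try_map_page_zero(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, page);
    return 0;
}

/* "protected": the kernel refused with EPERM.
 * "mappable":  page zero can be mapped (mitigation absent, or bypassed by
 *              a capability), so a kernel NULL dereference is exploitable.
 * "unknown":   refused for some other reason (non-Linux, unusual kernel). */
const char *page_zero_verdict(void)
{
    int rc = try_map_page_zero();
    if (rc == 0)
        return "mappable";
    if (rc == EPERM)
        return "protected";
    return "unknown";
}

int main(void)
{
    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    printf("CAP_SYS_RAWIO    = %d\n", has_cap_sys_rawio());
    printf("page zero        = %s (mmap errno %d)\n",
           page_zero_verdict(), try_map_page_zero());
    return 0;
}
```

Build with `gcc -Wall probe.c -o probe` and run it as an ordinary user: a non-zero mmap_min_addr together with "protected" is the state the posts above had to get around. Run it again as root to see the CAP_SYS_RAWIO exemption flip the verdict to "mappable". The probe covers only the direct mmap() path; the set-uid-root based bypass the pulseaudio entry refers to is a separate route to the same mapping and is not exercised here.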
blog.cr0.org
cr0 blog: January 2010
http://blog.cr0.org/2010_01_01_archive.html
Thursday, January 21, 2010. CVE-2010-0232: Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack. Two days ago, Tavis Ormandy published one of the most interesting vulnerabilities I've seen so far. It's one of those rare but fascinating design-level errors dealing with low-level system internals, and its exploitation requires skill and ingenuity. The bug has been present since the first release of Windows NT, making it 17 years old. [...] and the forging of cs:eip in VM86 mode. If you've ever tried t...