Just posting a quick pair of links in case anyone is interested in reading about creating an exploit/buffer overflow. Trirat Puttaraksa discusses a Snort 2.6.1 DCE/RPC Preprocessor Remote Buffer Overflow. Part 1 is a DoS condition and part 2 goes into actual code excution. Very interesting, although beyond my abilities for now. Browse the rest of his blog for even more dissections.
One thought on “owning snort”
Comments are closed.
Yeah, I also read through the heap spraying stuff, which is great because I was reading over Skyline’s stuff earlier to that. Good set of posts. Well written and explained.