Position-independent Code Reuse via #EuroSP18

A few years ago, one of the most common attacks was to take advantage of a memory corruption error such as a buffer overflow to inject code (usually shellcode) and divert the flow of control to that code. However, with

Web-To-Mobile Vulnerabilities via #SP18

Currently a large number of mobile applications are simple front ends of their corresponding web APIs. Although this is not a danger in itself, it brings with it a very important implication regarding the validation process of data entry: The

Benchmarking Crimes via #arXiv

The evaluation of the prototype developed in a scientific work is a very important part of the investigation, since it determines whether the proposed system fulfills its objectives and how well it does so, which is essential to

Code-reuse attacks for the Web via #CCS17

Cross-site scripting (XSS) vulnerabilities are a fairly recurrent problem on the web even though they were publicly documented in 2000. These attacks allow a malicious actor to completely alter a certain web page to inject and execute code not authorized by

Variadic Vulnerabilities Vanquished via #UseSec17

Researchers at Purdue, Politecnico di Milano and the University of California, Irvine presented a work at Usenix Security this summer focused on trying to prevent and eradicate vulnerabilities caused by the abuse of variadic functions. A variadic function is one that

Bugs in Linux kernel drivers via #UseSec17

As the vast majority of security workers will know, a vulnerability known as “Dirty Cow” (CVE-2016-5195), which has been present in the Linux kernel since 2.6.22 in 2007, has been publicly disclosed; it is therefore present in Linux-based operating systems, including Android.


Our sandbox for packers