[OWASP-Bangalore] More Info related to Bufferoverflow

Sumit Kumar k.sumit.us at gmail.com
Sun Jan 11 23:08:52 EST 2009


And here is the link to the next event. Sending to a larger mailing list; if
you can access the upcoming link please respond there, else shoot your
response on the list itself.

http://upcoming.yahoo.com/event/1487431

 Sunday February 1, 2009 from 9:00pm - 11:00pm
 India Coffee House <http://upcoming.yahoo.com/venue/236466/>
 MG Road
Bangalore, Karnataka 560001
 Category: Education
Website: https://www.owasp.org/index.php/Bangalore
OllyDbg Demo by Rajiv


This is just to ensure the list is not flooded with "I do" responses :-)

Thanks,
-Sumit

On Sun, Jan 11, 2009 at 12:30 PM, Rajiv Vishwa <rajivvishwa at gmail.com>wrote:

> Hi Guys,
>
> It was a wonderful discussion on BoF we had today.
>
> I just wanted to share few links to gives more insight on the BoF
>
> Smashing The Stack For Fun And Profit<http://insecure.org/stf/smashstack.html>:
> URL: http://insecure.org/stf/smashstack.html
>
> This is one good article which details about 'smashing the stack' process
> with examples and other illustrations. Try this if you are keen in
> understanding it thoroughly.
>
>
>> `smash the stack` [C programming] n. On many C implementations
>> it is possible to corrupt the execution stack by writing past
>> the end of an array declared auto in a routine.  Code that does
>> this is said to smash the stack, and can cause return from the
>> routine to jump to a random address.  This can produce some of
>> the most insidious data-dependent bugs known to mankind.
>> Variants include trash the stack, scribble the stack, mangle
>> the stack; the term mung the stack is not used, as this is
>> never done intentionally  [Read More...<http://insecure.org/stf/smashstack.html>
>> ]
>>
>
> Common Vulnerabilities and Exposures (CVE) <http://cve.mitre.org>
> URL: http://cve.mitre.org
>
> Vikas had mentioned about the CVE database, just thought of sharing the
> link
>
> CVE(R) International in scope and free for public use, CVE is a dictionary of
>> publicly known information security vulnerabilities and exposures.
>> CVE's common identifiers enable data exchange between security products
>> and provide a baseline index point for evaluating coverage of tools and
>> services.
>>
>
> OllyDbg <http://www.ollydbg.de/>
> URL: http://www.ollydbg.de/
>
> This is one tool which can be used to perform run time overflows and
> assembly level manipulations which I had mentioned. This tool can be
> downloaded for free. *Note: Dont mess your executables with Ollydbg unless
> you know what you are doing.* Next session we will have demo with this
> tool.
>
> OllyDbg is a 32-bit assembler level analysing debugger for Microsoft(R)
>> Windows(R). Emphasis on binary code analysis makes it particularly useful in
>> cases where source is unavailable
>>
>
> *Timestamp: Sun, 11 Jan 2009 12:23:24**
>
> *Regards,
> *Rajiv*
> Follow me in Twitter <http://twitter.com/rajivvishwa>
> ________________________________________________________________
>
> On Sat, Jan 10, 2009 at 10:30 PM, <owasp-bangalore-request at lists.owasp.org
> > wrote:
>
>> Send OWASP-Bangalore mailing list submissions to
>>        owasp-bangalore at lists.owasp.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>        https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>> or, via email, send a message with subject or body 'help' to
>>        owasp-bangalore-request at lists.owasp.org
>>
>> You can reach the person managing the list at
>>        owasp-bangalore-owner at lists.owasp.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of OWASP-Bangalore digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Gentle Remainder : Jan Meet on 11th @ ICH (Sundar N)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 10 Jan 2009 10:48:58 +0530
>> From: "Sundar N" <suntracks at gmail.com>
>> Subject: [OWASP-Bangalore] Gentle Remainder : Jan Meet on 11th @ ICH
>> To: owasp-bangalore at lists.owasp.org
>> Message-ID:
>>        <c1e982c50901092118p73720afbtcebc558ab4cf1a25 at mail.gmail.com>
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Hello Everyone,
>>
>> It is Scheduled on Jan 11th @ 9.00 AM, India Coffee house, 1st Floor, MG
>> Road.
>> Also a session on 'Buffer Overflow' by Sumit.
>> Looking Forward to meet you all there.
>>
>> Sundar.
>>
>>
>> ------------------------------
>>
>> _______________________________________________
>> OWASP-Bangalore mailing list
>> OWASP-Bangalore at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>>
>>
>> End of OWASP-Bangalore Digest, Vol 14, Issue 5
>> **********************************************
>>
>
>
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore
>
>


-- 

Joe E. Lewis  - "There's only one thing money won't buy, and that is
poverty."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20090112/0ce96e8d/attachment.html 


More information about the OWASP-Bangalore mailing list