Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
内容由Black Hat and Jeff Moss提供。所有播客内容(包括剧集、图形和播客描述)均由 Black Hat and Jeff Moss 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
类似 Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference 的节目
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Welcome to the Enjoying Everyday Life TV podcast with Joyce Meyer. To learn more, visit our website at joycemeyer.org or download the Joyce Meyer Ministries App. By supporting Joyce Meyer Ministries, you can help us reach hurting people around the world. To find out more, go to joycemeyer.org/donate
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
))
Alexander Sotirov: Hotpatching and the Rise of Third-Party Patches
Manage episode 153984320 series 1109074
内容由Black Hat and Jeff Moss提供。所有播客内容(包括剧集、图形和播客描述)均由 Black Hat and Jeff Moss 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used by old-school DOS viruses, spyware, and many security products. This presentation will focus on one particular application of hotpatching: the development of third-party security patches in the absence of source code or vendor support, as illustrated by Ilfak Guilfanov’s unofficial fix for the WMF vulnerability in December of 2005. The presentation will begin with an overview of common hotpatching implementations, including Microsoft’s hotpatching support in Windows 2003, the standard 5-byte jump overwrite and dynamic binary translation systems. I will talk briefly about the deployment and compatibility issues surrounding third party security patches, before getting technical and delving deep into the process of hotpatch development. I will present techniques for exploit-guided debugging and reverse engineering of vulnerable functions, as well as code for hotpatch injection and binary patching. The most fun part will be at the end of the presentation, when I will do a live demo of analyzing a vulnerability and building a hotpatch for it in 15 minutes."
…
continue reading
86集单集
Alexander Sotirov: Hotpatching and the Rise of Third-Party Patches
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
分享
Manage episode 153984320 series 1109074
内容由Black Hat and Jeff Moss提供。所有播客内容(包括剧集、图形和播客描述)均由 Black Hat and Jeff Moss 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hotpatching is a common technique for modifying the behavior of a closed source applications and operating systems. It is not new, and has been used by old-school DOS viruses, spyware, and many security products. This presentation will focus on one particular application of hotpatching: the development of third-party security patches in the absence of source code or vendor support, as illustrated by Ilfak Guilfanov’s unofficial fix for the WMF vulnerability in December of 2005. The presentation will begin with an overview of common hotpatching implementations, including Microsoft’s hotpatching support in Windows 2003, the standard 5-byte jump overwrite and dynamic binary translation systems. I will talk briefly about the deployment and compatibility issues surrounding third party security patches, before getting technical and delving deep into the process of hotpatch development. I will present techniques for exploit-guided debugging and reverse engineering of vulnerable functions, as well as code for hotpatch injection and binary patching. The most fun part will be at the end of the presentation, when I will do a live demo of analyzing a vulnerability and building a hotpatch for it in 15 minutes."
…
continue reading
86集单集
Tüm bölümler
×
欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。
类似 Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference 的节目
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Three nerds discussing tech, Apple, programming, and loosely related matters.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Welcome to the Enjoying Everyday Life TV podcast with Joyce Meyer. To learn more, visit our website at joycemeyer.org or download the Joyce Meyer Ministries App. By supporting Joyce Meyer Ministries, you can help us reach hurting people around the world. To find out more, go to joycemeyer.org/donate
…
continue reading
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
