Articles¶
These are some of the articles we authored:
Dynamic Program Analysis and Software Exploitation¶
This article discusses the use of backward taint analysis to determine the exploitability of vulnerabilities. All examples presented on this article were developed and executed on an x86-64 processor-based computer running Microsoft Windows 7. Previous knowledge of vulnerability analysis and exploitation is required.
Hacking the Cell Broadband Engine Architecture¶
This article discusses software development and vulnerability exploitation in Power/Cell Broadband Engine Architecture's Synergistic Processor Element (SPE). All examples presented on this article were developed and executed using the IBM Full-System Simulator 3.0 for the Cell Broadband Engine Processor for Intel (64-bit), on an x86-64 processor-based computer running on Fedora 7 with the IBM SDK for Multicore Acceleration 3.0. Previous knowledge of vulnerability analysis and exploitation is required.
Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities¶
This article discusses buffer overflow vulnerabilities in Linux running on Power/Cell Broadband Engine Architecture processor-based servers. All examples presented on this article were developed and executed on an IBM BladeCenter JS22 Express server, a IBM BladeCenter QS21 server, and a Sony Playstation 3, running Red Hat Enterprise Linux 4 Update 7. Previous knowledge of buffer overflows is required.
lopbuffer.pdf · View on IBM developerWorks (Part 1) · View on IBM developerWorks (Part 2)
Linux Slab Allocator Buffer Overflow Vulnerabilities¶
This article discusses buffer overflow vulnerabilities in Linux kernel's Slab Allocator. All examples presented on this article were developed and executed on a x86 processor-based computer running Slackware Linux 10.2. Previous knowledge of buffer overflows is required.
linuxslab.pdf · View on IBM developerWorks Brazil
System Management Mode Hacks¶
This article discusses the use of Intel System Management Mode (SMM) for malicious purposes. All examples presented on this article were developed and executed on an x86 processor-based computer running Debian 4.0r3 (Etch). Previous knowledge of x86 architecture is required.