Nominees for the Pwnie Awards 2011

http://pwnies.com/nominations/ 

The nominees for "Best Server-Side Bug", "Best Client-Side Bug" and "Best Privilege Escalation Bug" are worth a look. The "Lamest Vendor Response" nominees are funny, or not. And the prize for the most interesting set of nominations goes to... "Most Innovative Research":
  • Stackjacking
    Credit: Jon Oberheide, Dan Rosenberg
    Jon Oberheide and Dan Rosenberg presented a set of techniques for exploiting Linux kernel vulnerabilities on grsec systems and inadvertently started an arms race with spender and PaX Team. This work is a great example of research targeting one of the most difficult systems to exploit.

  • Understanding and Exploiting Flash ActionScript Vulnerabilities
    Author: Haifei Li
    This research mainly answered two questions: 1) What are the inner mechanisms that cause Flash JIT-level vulnerabilities? 2) How to exploit them on modern operating systems? The answer to the first question lies in the way the JIT engine performs the "verification process" (or the "bytecode verifier") of the program flow, which is not error-proof. Those errors enable potential exploitation situations. To answer the second question, the author introduced a situation deemed "Type/Atom Confusion". Then a novel technique called the "IEEE-754 trick" was provided to read memory from the process when type confusion happens. Armed with those, Haifei Li was able to exploit Flash ActionScript JIT-level vulnerabilities on modern operating systems like Windows 7, bypassing both ASLR and DEP.

  • Black Box Auditing Adobe Shockwave
    Authors: Aaron Portnoy, Logan Brown
    This presentation provides a very thorough review of the SmartHeap memory allocator in Adobe Shockwave. The talk focused on the methodology for reversing a large code base with no symbols and included many useful reverse engineering techniques.

  • Securing the Kernel via Static Binary Rewriting and Program Shepherding
    Author: Piotr Bania
    To implement some of the ideas from pax-future.txt is one thing, to implement them through static analysis on Windows, rewriting drivers automagically, and have it all work preserving binary compatibility across a wide range of Windows versions: that's deserving of respect.

  • Understanding the LFH heap
    Author: Chris Valasek
    This seminal paper provides the most detailed overview of the Low Fragmentation Heap in Vista and Windows 7. Its importance to exploitation cannot be overstated!
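The "Type/Atom Confusion" plus "IEEE-754 trick" described in the Haifei Li nomination above boils down to one observation: a 64-bit slot that the engine believes holds a Number (an IEEE-754 double) can be read and written as raw bits, so if a verifier bug lets a pointer land in such a slot, the script gets the address out by reading the double, and by writing a double with chosen bits it gets a forged pointer the engine will dereference. The C program below is an added illustration of that principle, not code from Haifei Li's paper and not Flash/AVM2 code: the confused slot is modelled as a plain union, the tag bits real AVM2 atoms carry are ignored, and `secret_word` is constructed victim data. The one caveat a practitioner needs is in the comments: move the bits only, never do arithmetic on the confused double, because FPU arithmetic can canonicalise NaN patterns or flush denormals and destroy the encoded address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a 64-bit value slot. The engine thinks it holds a Number, but after
 * a type/atom confusion the same bits are a pointer. (Illustrative assumption:
 * real AVM2 atoms also carry a type tag in the low bits, ignored here.) */
typedef union {
    double   as_double;
    uint64_t as_bits;
} slot_t;

/* Constructed victim data: the word the confused read will disclose. */
static const uint64_t secret_word = 0x1122334455667788ULL;

/* Confusion, forward direction: a pointer is handed to the script as a Number. */
double confuse_pointer_to_double(const void *p)
{
    slot_t s;
    s.as_bits = (uint64_t)(uintptr_t)p;
    return s.as_double;
}

/* Recover the raw bits of a Number. Copy only; any arithmetic on the double
 * (even d + 0.0) may canonicalise a NaN pattern or flush a denormal, and a
 * user-space address has a zero exponent field, i.e. it IS a denormal. */
uint64_t double_to_bits(double d)
{
    slot_t s;
    s.as_double = d;
    return s.as_bits;
}

/* Confusion, reverse direction: build a Number whose bit pattern is an address
 * the engine will later treat as an object pointer. */
double bits_to_double(uint64_t bits)
{
    slot_t s;
    s.as_bits = bits;
    return s.as_double;
}

/* What the engine does with the forged "object": it dereferences it. Here the
 * dereference is an 8-byte read returned to the script as a Number, which is
 * the arbitrary-read primitive the trick provides. */
double read_through_forged_double(double forged)
{
    uint64_t addr = double_to_bits(forged);
    double out;
    memcpy(&out, (const void *)(uintptr_t)addr, sizeof out);
    return out;
}

/* Whole chain: leak the address of secret_word, forge a Number that encodes
 * it, read memory through the forgery, and decode the result. */
uint64_t demo_leak(void)
{
    double   leaked = confuse_pointer_to_double(&secret_word);
    uint64_t addr   = double_to_bits(leaked);
    double   value  = read_through_forged_double(bits_to_double(addr));
    return double_to_bits(value);
}

int main(void)
{
    uint64_t addr = double_to_bits(confuse_pointer_to_double(&secret_word));
    printf("leaked address 0x%llx, value read through forged double 0x%llx\n",
           (unsigned long long)addr, (unsigned long long)demo_leak());
    return 0;
}
```

In a real engine the reverse step is where ASLR falls: once one heap or module address has leaked through the forward confusion, forged doubles can walk pointers from there to locate the code the exploit needs, and DEP is handled from that point with the usual return-oriented payload; none of that engine-specific plumbing is modelled here.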