Tag archive » ASLR

How to use VBScript to turn on the God Mode?

What is the God Mode? This concept came from yuange; it means that if we turn on this God Mode, we can do anything we want. And what is the God Mode really? We know that if we want to execute script code in the browser to create an object like Shell.Application, the script engine will check the SafeMode. If this is set, it will block the code. That is the God Mode. Yuange also calls this DVE (Data Virtual Execution). This just executes the script, not binary code. So ASLR, DEP, EMET, CFI, all of these defense technologies will fail. What we are going to do is clear the SafeMode flag. (Notice: All the following code is …..

The Art of Leaks: The Return of Heap Feng Shui (demo code)

Thanks to ga1ois for giving us a very excellent lecture about the Art of Leaks at CanSecWest. He found a way to read/write any memory of the process. Cool! I uploaded the ppt here: The+Art+of+Leaks+-+read+version+-+Yoyo. You can also download the ppt from his GitHub: https://github.com/ga1ois/CanSecWest2014/blob/master/The Art of Leaks – read version – Yoyo.pdf Now I write some demo code here