TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... Most phishing sites are hosted on compromised Apache + PHP + MySQL servers located in the US. Our Digital Vaccine service includes filters specifically designed to prevent potential victims from reaching many of these malicious sites.

Exploiting MS Advisory 971778: QuickTime DirectShow

On May 28th, 2009 Microsoft released MS Security Advisory 971778 titled Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. This vulnerability should be considered high-risk as it allows for remote code execution through a browser using the Windows Media Player ActiveX control. In this blog post I provide a brief walk through of the details of this issue and touch upon how it can be exploited in a reliable fashion.

What's Worse Than Finding a Bug in Your Apple?

Finding multiple bugs! Seriously, though, our most recent Digital Vaccine, DV7721 ...

The iPhone 3.0 Conundrum

Some features generally need to be looked at by a pessimistic jerk. If nobody else will step up, I'll be that guy.

Authoring a Technical Book

In July of 2007 two former colleagues and myself had our book "Fuzzing: Brute Force Vulnerability Discovery" published through Addison-Wesley. The book is under 600 pages and took well over a year to complete, during which the bulk of my free time and weekends were dedicated to completing the project. I learned a lot throughout the ordeal, especially with regards to the process of publishing. From conception to final press, here are some basic notes that should help reduce frustrations for anyone looking to author a technical book.

MindshaRE: Finding ActiveX Methods Dynamically

Today we step back into the world of COM/ActiveX to dynamically find object methods in a binary. This is probably the quickest way to identify the code handling the javascript/vbscript invocation of methods. This can then allow the researcher to audit the method for any potential vulnerabilities.MindshaRE is our monthly look at some simple reverse engineering tips and tricks. The goal is to keep things small and discuss every day aspects of reversing. You can view previous entries here b ...