March 2018

Exim pre-auth RCE

Juggling with packets

  As such, the Internet has a non-zero momentary data storage capacity.
  It is possible to push out a piece of information and effectively have
  it stored until echoed back. By establishing a mechanism for cyclic
  transmission and reception of chunks of data to and from a number of
  remote hosts, it is possible to maintain an arbitrary amount of data
  constantly `on the wire', thus establishing a high-capacity volatile

Temporal Return Addresses (2005)

Paper (PDF)

An exploitation chronomancer is one who is capable of divining the best time to
exploit something based on the alignment of certain bytes that occur naturally
in a process’ address space

Abusing Certificate Transparency logs