Adam Sampson's buffer-overflow bookmarkshttps://bookmarks.offog.org/ats/buffer-overflowAdam Sampson2015-06-29T08:31:14ZBlind Return Oriented Programming (BROP)https://bookmarks.offog.org/edit?url=http%3A%2F%2Fwww.scs.stanford.edu%2F%7Esorbo%2Fbrop%2F2015-06-29T08:31:14Z"Evolving" an ROP attack against an automatically-restarting server. This works by finding two gadgets whose behaviour you can distinguish (e.g. crashing vs. hanging), then constructing ROP chains that will have different behaviour depending on how many items are popped, then trying lots of addresses and combinations of arguments to find gadgets. Neat!How to Prevent the next Heartbleedhttps://bookmarks.offog.org/edit?url=http%3A%2F%2Fwww.dwheeler.com%2Fessays%2Fheartbleed.html2014-05-02T22:02:37ZAn interesting review of some of the approaches that didn't prevent the OpenSSL heartbeat bug (either because they weren't effective or because they weren't applied).