SOLDIERX.COM Nobody Can Stop Information Insemination

I absolutely love the nature of opensource: anyone can check your code for errors and patch any bugs. After talking a little with a random developer who's interested in libhijack, he found a bug where I'm accessing a variable after calling free() on it. The fix was simple and he provided a patch for it. I'm releasing version 0.5.1 of libhijack today to fix the bug. It's a minor release. I'd recommend everyone to use this release rather than 0.5 formal.

You can find libhijack at its usual spot on SX Labs.

Libhijack 0.5 has been released! This is an exciting major milestone release. The major features in this release include:

Uncached function searching
Hijacking within shared objects

This release has broken two external API calls:

MapMemory
FindFunctionInGot

You'll need to pay attention to any code you've written to make sure it still works. The above API calls are completely working, but the function prototypes have changed. I've worked very hard for this release and I hope it's bug-free. I've plugged quite a few memory leaks. Check out the Texts page on 0xfeedface.org's site for the Defcon presentation slides.

Amp has started to release the first parts of his Basic Programming Concepts Tutorials. I would advise anybody interested in programming (but not familiar with) to check them out. His goal is to keep them language neutral, which I personally feel he has done a good job with. He welcomes suggestions/gripes/etc, so please contact Amp with any comments you may have.

In other news, there is a major VIP release this Wednesday. Please check the VIP forums for more information.

Amp has returned from retirement to fulfill his previous role of Presidential Adviser and resident Banhammer. While in retirement, Amp contributed more content to SOLDIERX than many of its active members. After many discussions, Amp finally agreed to return to a full time position. Due to personal issues and time constraints, cisc0ninja has decided to step down from the High Council into a regular crew position. We are still looking for new recruits, so please apply today.

We are moving the site to a temporary server today to accommodate the physical move. Due to this, there will be some downtime as DNS changes take effect. We may leave the old server up for a small amount of time after making the move, but any posts on this server will not be saved. In other words, enjoy reading content on the site today - but don't expect your posts to carry over if they are made at the wrong time. I will make a forum post to let people know which server they are on. A news post will be made when the site is back on a permanent server.

We're preparing to do some server migrations to get a bit better speed, so cisc0ninja has to brave the wilderness outside of Texas. What does this mean for us? For one it means that the site should start running much better shortly. It also means that we need to feed a hungry cisc0ninja while he's driving servers around the country. In order to help with this, we decided to offer a $5 discount on VIP donation costs from now until June 3rd, 2011. This discount only applies if you donate within this time period, no rain checks will be issued. If you are interested, please contact RaT. At $35, this is the cheapest you will probably ever be able to get VIP access (particularly since it's always voted to increase).

Every summer we look at our Inductee/Recruit list and weed out the people who really are not making the cut. What does this mean for everybody else in the community? It means there is an opportunity every summer to join the ranks of SOLDIERX. We are mainly interested in programmers and reverse engineers at the moment, but we are also looking for a few good penetration testers and data entry specialists. Data entry will require 10 entries per week into our HDB and Tool sections. As is the standard, everybody who makes the cut gets free VIP access once they are Inductee or higher. Interested? Click here for application instructions...

Kayin has released yet another tool to SX Labs. The tool is an ASP.NET Viewstate decoder. It decodes, parses, and displays all the information stored inside an asp.net page's viewstate. You can get it here. Congratulations to lattera for being chosen to present at Defcon 11. He will be presenting on his SX Labs project, Project Hijack. To learn more about his speech (Runtime Process Insemination), please visit http://defcon.org/html/defcon-19/dc-19-speakers.html#Webb.

Please take a moment to congratulate him. It's nice to see another SX Crew member representing at Defcon. This will be the fourth time a member of SX has presented at Defcon.

For those not in the know, there was an interesting talk called "Stackjacking Your Way to grsecurity/PaX Bypass" about "bypassing" a grsecurity/PaX Linux kernel that was presented at both HES and Infiltrate. The confusing thing about the talk was that it's using a vulnerability type that has been mentioned by PaX Team and Spender many times (as not being protected against). In other words, I don't see it bypassing any of the features of grsecurity/PaX - but rather just using an attack that wasn't protected against. Spender gave a very interesting response which includes both a brief discussion and some fancy new features.

We hope everybody enjoyed yesterday's April Fools joke.