Below is a listing of research authored by or contributed to by employees of Leviathan Security Group
Author: Frank Heidt and Mikhail Davidov
Abstract: The recent disclosure of a flaw in the TLS protocol specification and the majority of its implementations has spawned wide-ranging debate on the seriousness of the vulnerability. Experts weighing in on all sides have deemed this flaw either earthshaking or inconsequential, posing either little risk to enterprises or potentially devastating. This report presents the current state of our research as well as our understanding of the risks posed by the TLS Renegotiation Flaw, its ramifications for enterprise users, and steps that can be taken to mitigate its risk during the current window of vulnerability.
http://www.leviathansecurity.com/pdf/TLS_SSL_Renegotiation_Research_Report.pdf
A tool to test various SSL and TLS implementations is available at http://www.leviathansecurity.com/pdf/ssltlstest.zip
Author: Blake Frantz
Abstract: An increasing number of websites are providing file upload capabilities to web users, following the success of social networking sites that encourage their user community to upload arbitrary files to be shared with other users of the site. File upload features increase the risk to the hosting site and its users. ... [more]
Author: Matt Miller
Abstract: Reliable exploitation of software vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. ... [more]
Author: Blake Frantz
Abstract: During the course of this paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of Windows Debugger (WinDBG). ... [more]
Author: Matt Miller
Abstract: This paper describes a technique that can be used to reduce the effective entropy in a given GS cookie by roughly 15 bits. ... [more]
Author: Matt Miller
Abstract: This paper describes strategies for dynamically analyzing an application's memory access behavior ... [more]
Author: Matt Miller
Abstract: This paper describes the process of implementing a custom encoder for the x86 architecture. ... [more]
Author: Matt Miller
Abstract: This paper proposes a technique that can be used to prevent the exploitation of SEH overwrites on 32-bit Windows applications without requiring any recompilation. ... [more]
Author: Ken Johnson, Matt Miller
Abstract: As Windows x64 becomes a more prominent platform, it will become necessary to develop techniques that improve the binary analysis process. ... [more]
Author: Ken Johnson, Matt Miller
Abstract: This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such as NULL pointer dereferences. ... [more]
Author: Matt Miller, Ken Johnson
Abstract: The version of the Windows kernel that runs on the x64 platform has introduced a new feature, nicknamed PatchGuard, that is intended to prevent both malicious software and third-party vendors from modifying certain critical operating system structures. ... [more]