Behrooz_Ice
02-22-2004, 11:16 AM
Category: Articles -> Intrusion Detection
When running a public Internet servers, it is always a good idea to harden your system using tools like stack execution protection, random binaries relocation and so on. Those methods, while giving protection about remote exploits, are very poor when it comes to forensic analysis and debugging of the attack. It is the purpose of this document to introduce a new method called Guarded Memory Move or, more shortly, GMM. Enjoy IT!
When running a public Internet servers, it is always a good idea to harden your system using tools like stack execution protection, random binaries relocation and so on. Those methods, while giving protection about remote exploits, are very poor when it comes to forensic analysis and debugging of the attack. It is the purpose of this document to introduce a new method called Guarded Memory Move or, more shortly, GMM. Enjoy IT!