Phrack 60 has appeared. Continuing the reading discipline.
What I found useful
Two articles particularly:
A piece on advanced heap exploitation against modern allocators. Building on the Phrack 57 work, this article describes techniques that work against allocators with various integrity-checking improvements. The arms race continues; defenders should not assume any specific allocator-level defence is permanent.
An article on kernel-level rootkit detection from outside the host. Continuing the Phrack 59 work. The author describes specific techniques for using PCI memory access to inspect kernel state directly. The technique is non-trivial to deploy; the principle is the future of reliable rootkit detection.
What this teaches
The trajectory of increasingly sophisticated exploitation continues. Defenders need to keep reading; the gap between attacker tradecraft and defender awareness widens whenever defenders stop.
More as the year develops.