Dailydave mailing list archives

Re: Dep and aslr and /gs and so on

From: huku <hk.vigster () gmail com>
Date: Fri, 27 Mar 2009 14:00:55 +0200

Hello everyone,

Personally speaking, I like facing exploitation as an 'application
dependent' process rather than something generic and universal (it's
true that it's hard to develop a universal exploit these days, not
only for Windows but for Unices as well). By having an clear insight
on how the target process works, one can develop a working exploit
that can bypass any 'anti-hacker' measure (although a generic method
for bypassing that specific measure may not exist). Honestly, have you
ever heard any experienced exploit coder telling that he failed to
exploit application XYZ? :-)

That's not impossible, that's just inflation. So deal.


Considering that the whole universe inflates, that's definetely true
:-)

Nonetheless, what I really don't like about this inflation
is that it'll prevent new kids from entering the game as
easily as we did.


I've been thinking this for quite some time now. Although I am not
that experienced when it comes to Windows exploitation, I think this
is a serious obstacle for any person who has no previous experience in
exploit coding. Yet,  it's just a matter of practice :-)

Regards
./hk

---
Don't take life seriously, it's not permanent!
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Dep and aslr and /gs and so on Dave Aitel (Mar 26)
- Re: Dep and aslr and /gs and so on Jeremy Brown (Mar 26)
  - Re: Dep and aslr and /gs and so on Curt Wilson (Mar 27)
- Re: Dep and aslr and /gs and so on Ralf-Philipp Weinmann (Mar 26)
  - Re: Dep and aslr and /gs and so on Bas Alberts (Mar 27)
  - Re: Dep and aslr and /gs and so on Trygve Aasheim (Mar 27)
  - Re: Dep and aslr and /gs and so on huku (Mar 27)