Dailydave mailing list archives

Re: Exploit writing thoughts


From: "Halvar Flake" <halvar () gmx de>
Date: 7 Apr 2010 19:20:52 +0200

dave wrote:
> One of the hard things about exploits (especially these days) is that
> you have to absorb a LOT of failure in order to get the spectacular
> results that are your bread and butter. Exploit devs have huge egos by
> way of necessity and are tenacious like an Overtown pitbull, so one of
> the harder parts of the job is to tell them to "give up, find another
> one".
There is also often a strange tradeoff involved: You can invest more time in finding bugs (not only mem corruption, but also all those wacky little things that I call "glue" bugs -- they help make the rest stick together). You do this in the hope of being paid back this time investment in the exploitation step.

I like to call exploit development the "IKEA game". Each weird bug that you find is a random piece out of IKEA's spare parts depot. Your task is to build a chair that someone can sit on.

You can "draw" an additional piece by spending more time reading the code. Often, you draw a piece, and then think: Ahh great, wtf am I supposed to do with *this*?

Sometimes, you end up with 3 coat hangers and some paper. Sometimes you get a full chair that is just missing a leg. Sometimes you get a can of superglue and two pounds of sawdust.


The tenaciousness of most exploit devs is also reflected in "there is no failure, just a waiting loop until I get time to do another draw". You don't give up, you pick up something else while waiting for a good idea.

Cheers,
Halvar
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
