Dailydave mailing list archives

Re: Automatic Exploitation Paper Peer Review


From: Dave Aitel <dave.aitel () gmail com>
Date: Wed, 15 Dec 2010 06:54:48 -0500

http://www.slate.com/id/2116244/ is an interesting article on the
failure of "peer review". The AEG paper is a classic example of this.
The scientists have a response here:
http://security.ece.cmu.edu/aeg/response.html . "Most of his post
centers around our paper introduction; there appears to be no
legitimate complaint about the research itself."

If they want, they can feel free to defend the paper here on the list,
and we can talk about the "research itself". I know all interested
parties are, in fact, on this list. Sponsors, researchers, giggly
hackers, etc.

We can start with the section on this bit of code (slightly modified
from the paper - we use this example in our classes):

#include <string.h>

/* Deliberately vulnerable, as posted: strcpy() has no bound, so an arg
 * longer than 1000 bytes overruns var and can reach p. */
int function(char *arg) {
  char *p;
  char var[1000];
  p = var; /* the variant discussed below: p = malloc(50); */
  strcpy(var, arg);   /* the overflow happens here */
  return strlen(p);   /* p is used after the overflow */
}

In their paper they claim (as I understand it) that the methodology
for writing their exploit is to make sure they restore p to its
original value. There are a lot of basic issues with this, but the most
obvious one is there when you replace p=var with the malloc line in
the comment.

Other massive gaping holes:
1. The shellcode creation is just a list of 20 different shellcodes?
2. The encoder/decoder problem isn't addressed at all. How do you
model unicode shellcode, for example? Trying to reason about an
arbitrary shellcode encoding algorithm f(x) is completely ignored.
-dave
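The frame corruption the post is arguing about, as an added example (this is not code from the original post or from the AEG paper): the frame of function() is modelled as a struct with var followed by p, an assumed layout chosen so the overrun is a well-defined memcpy over the struct's bytes rather than a real stack smash. build_payload() and overflow_and_check() are hypothetical helpers written for this illustration; they show why "restore p to its original value" is cheap when p = var and has nothing to work with when p = malloc(50).

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Model of function()'s frame: the buffer, then the pointer the overflow
 * reaches. Field order is an assumed layout, chosen so the overrun is a
 * well-defined memcpy over the struct's bytes instead of a real stack smash. */
struct frame {
    char  var[1000];
    char *p;              /* what strcpy(var, arg) runs into */
};

/* Build an oversized arg: filler up to p, then the pointer value the payload
 * "restores" p to. 'out' must hold sizeof(struct frame) bytes. Returns the
 * payload length. */
size_t build_payload(unsigned char *out, char *restore_p)
{
    size_t off_p = offsetof(struct frame, p);
    memset(out, 'A', off_p);                             /* fills var */
    memcpy(out + off_p, &restore_p, sizeof restore_p);   /* overwrites p */
    return off_p + sizeof restore_p;
}

/* The overrun itself: copy the payload over the frame's bytes, exactly as an
 * unbounded strcpy(var, arg) would. Returns 1 if p ends up holding the value
 * it had before the copy, i.e. the "restore p" step worked, else 0. */
int overflow_and_check(struct frame *f, const unsigned char *payload, size_t n)
{
    char *original = f->p;
    memcpy((unsigned char *)f, payload, n);
    return f->p == original;
}

/* Case 1, p = var: the value to restore is the address of var, which the
 * payload builder can compute from the frame it is already targeting. */
int stack_case(void)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    f.p = f.var;
    size_t n = build_payload(payload, f.var);
    return overflow_and_check(&f, payload, n);
}

/* Case 2, p = malloc(50): the value to restore is a heap address the payload
 * builder cannot derive from the frame. Guessing the address of var, as in
 * case 1, leaves p pointing at the wrong object, so the later strlen(p) no
 * longer reads the buffer the original code intended. Returns -1 if malloc
 * fails, otherwise 1 if p was restored and 0 if it was not. */
int heap_case(void)
{
    struct frame f;
    unsigned char payload[sizeof(struct frame)];
    char *heap = malloc(50);
    if (heap == NULL)
        return -1;
    f.p = heap;
    size_t n = build_payload(payload, f.var);   /* the same guess as case 1 */
    int restored = overflow_and_check(&f, payload, n);
    free(heap);
    return restored;
}

int main(void)
{
    printf("p = var:        restore %s\n", stack_case() ? "succeeds" : "fails");
    printf("p = malloc(50): restore %s\n", heap_case() == 1 ? "succeeds" : "fails");
    return 0;
}
```

The struct stands in for whatever the compiler actually lays out; on a real frame the distance from var to p, and whether the overrun even reaches p before hitting something else, is compiler and build dependent, which is a separate objection from the one above.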



On Tue, Dec 14, 2010 at 8:41 PM, Christey, Steven M. <coley () mitre org> wrote:
I would love to see a resource for real-world problems that the academic
community could consider... or even a resource for other up-and-coming
researchers to examine for ideas.  Such a site might not be relevant
enough for PhD thesis work (which thrives on originality as I understand
it?) but who knows, maybe some master’s level projects or capstones.

There could even be a voting-style mechanism for other researchers to
comment or offer their support.

But, such an idea site would take an individual or group with the drive,
willingness, and ability to actually do it, then for them to actually do it,
and for the security industry to adopt/encourage it...

nah, that would never happen.

- Steve


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave