Re: Detecting vulnerabilities to write exploits

[Gunnar Wolf <gwolf () gwolf org>]

neelima_2sha () yahoo com dijo [Fri, Dec 30, 2005 at 09:47:17AM -0000]:
> Hi All, 
>
> This is something very basic to start with the exploit writing. Can
> anyone let me know these queries: 
>
> How do you detect the vulnerability to write a exploit for this? 
>
> Basically i want to know that how do u find in any code of program
> that there is buffer overflow or any other kind of vulnerability
> existing? 
>
> How will analyse this to start writing the exploit with respect to
> this vulnerability? 
>
> I hope the query is clear.

I suggest you to take a look at Greg Hoglund's book "Exploiting
Software : How to Break Code"
(http://www.amazon.com/gp/product/0201786958/002-0006818-5852844?v=glance&n=283155),
it explains various techniques on how to find vulnerabilities, how to
exploit them, and how to break additional protections a specific
environment might have. It's not the greatest and latest, but it is a
fun and interesting read.

Also, the books that Amazon suggests as related sound interesting for
the subject. 

Greetings,

-- 
Gunnar Wolf - gwolf () gwolf org - (+52-55)1451-2244 / 5623-0154
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------