RE: "So now we have two large organizations using what Ilike to call a 'two time pad'"

["Maynor, David (ISS Atlanta)" <dmaynor () iss net>]

My speech blew. After the wireless in my room failed to give me the
ability to connect to the demo machines, my speech just crashed. My
pacing was all off and my material was about 20 minutes to short without
the demos.

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of H D Moore
Sent: Tuesday, August 03, 2004 3:11 AM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] "So now we have two large organizations using
what Ilike to call a 'two time pad'"

Dropping my $0.02 (inline).

On Monday 02 August 2004 18:29, dave wrote:

> Advanced Return Address Discovery using Context-Aware Machine Code
> I only caught the tail end of this talk, enough to ask my question
(see
> previous messages on this list). I'll freely admit to not
understanding
> the answer. I heard the talk was good though.
The demo gods unleashed their wrath on this talk as well; apparently the

demonstration of the context/tracing engine broke at the last minute. It

would be interesting to see what the practical benefit is to this 
technique when compared against smart opcode-scanning (ala msfpescan). 
The example given was a return address which ran through 91 instructions

before returning back to the desired register. I guess it depends on the

exploit and what you have to work with, I haven't seen a case where this

level of complexity was required. It would be nice to be proved wrong on

this point though; return



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave