Dailydave mailing list archives

quick poll on bug finding techniques.


From: "wirepair" <wirepair () roguemail net>
Date: Wed, 19 Jan 2005 19:04:37 -0800

lo all,
So I'm rather curious about how most people find their remote memory based bugs (overflows and so on). Do you start out doing binary analysis? Tracing execution from recv on? Do you scan for ‘known’ bad functions? strcpy/strcat and other lame bugs? Set break points and go from there? Do you spray and pray with spike? A mix of all? Do you change tactics if it’s in C or C++? Set break points on your ‘string’ (if it is one) and just record all the times that it is referenced by the code?

Personally I do the following (and please point out if my steps suck or I’m wasting time, I just do this because well, that’s how I taught myself to do it).

1. SPIKE, hell why waste time analyzing if you can own it quickly.
2. bp’s on dumb functions, might get lucky
3. bp on my sent data, record where it comes in, where it gets copied to, how it’s referenced. I feel this may miss stuff but I just use it to use my time effectively.
4. hardcore binary analysis, from recv on

I’m starting off with just doing binary analysis for fun, seeing if it ultimately saves time and just to learn and try to really figure out what’s going on. I must say this process is horribly slow and was wondering if anyone has any neat tricks for ‘speeding up the process.’ Or is it even a process one can speed up? Thoughts appreciated, and would like to get some good conversations going :).
-wire
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
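The "scan for known bad functions" step the post asks about, shown here as a source-audit scanner that flags unbounded string calls in C and reports the line and a safer replacement. This is an added example, not code from the post or from SPIKE; the function list, the advice strings and the C snippet it runs on are constructed for illustration. It blanks out comments and string literals first so a mention like `/* strcpy(...) */` is not reported as a call.

```python
import re

# Calls an auditor would flag on sight, with the bounded replacement to suggest.
# Constructed list for this example; extend it to match your own audit policy.
RISKY_CALLS = {
    "strcpy": "use strncpy/strlcpy with an explicit destination size",
    "strcat": "use strncat/strlcat with an explicit destination size",
    "sprintf": "use snprintf",
    "vsprintf": "use vsnprintf",
    "gets": "use fgets with a buffer size",
}

# Comments and string/char literals, matched before the call regex sees them.
TOKEN_RE = re.compile(
    r"//[^\n]*"                     # line comment
    r"|/\*.*?\*/"                   # block comment (may span lines)
    r'|"(?:\\.|[^"\\\n])*"'         # string literal
    r"|'(?:\\.|[^'\\\n])'",         # char literal
    re.DOTALL,
)

# \b keeps my_strcpy( and snprintf( from matching; \s*\( requires a call site.
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")


def blank_out(src: str) -> str:
    """Replace comments and literals with spaces, keeping newlines so line numbers survive."""
    return TOKEN_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)


def find_risky_calls(src: str) -> list:
    """Return [(line_number, function, advice)] for each flagged call outside comments/strings."""
    hits = []
    for lineno, line in enumerate(blank_out(src).splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            hits.append((lineno, m.group(1), RISKY_CALLS[m.group(1)]))
    return hits


# Constructed sample: only lines 8 and 9 are real unbounded calls.
SAMPLE_C = r"""#include <string.h>
#include <stdio.h>

/* old code: strcpy(dst, src); kept for reference */
void handle(const char *in) {
    char buf[64];
    printf("strcpy(%s)\n", in);   // name appears only inside a string literal
    strcpy(buf, in);              // unbounded copy into a 64-byte stack buffer
    strcat(buf, "\n");
}
"""

if __name__ == "__main__":
    for lineno, func, advice in find_risky_calls(SAMPLE_C):
        print(f"line {lineno}: {func}() -> {advice}")
```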