Dailydave mailing list archives
Re: VisualSploit redux
From: Burns Bryan <bburns () juniper net>
Date: Tue, 23 May 2006 11:45:12 -0700
1) Best. Icons. Ever.

2) This is *really* cool. This could cut exploit development time by a significant amount of time. Now you just need a way to "export" these exploits into CANVAS for future use..

-Bryan

On May 23, 2006, at 4:18 AM, Dave Aitel wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So it was interesting to see how people in class today reacted to VisualSploit 1.0. Since it was the first time we'd ever had someone outside of Immunity use the tool, we had no idea what to expect. And, as always, people came from a wide array of backgrounds - from people who had been programming for thirty years, to people who had no programming experience at all.

Overall, although there were some minor bugs, I think everyone got a lot out of it. I think the concepts went across a lot faster because there was no need to teach an API or a language syntax at all. Even if someone is a master programmer, they're not necessarily a master at using your particular libraries, so they appreciate the GUI candy wrapper.

One thing I think is different about exploits written in a visual language is that they're much easier to debug. Someone comes and looks over your shoulder and they can immediately see exactly what it is you are doing. You can demonstrate a binary search and it's visually obvious what the algorithm is from the "code".

Of course, the simplicity is just the start for VisualSploit. Only when you have a structure like VS can you start to automate exploitation. We've been seeing a lot of advantage for the past few years from a tool Bas whipped up called "PDB" which is essentially a Python automated debugger for Windows. For advanced problems, you really NEED a powerful exploit development framework to even get close to a reliable exploit. But VS allows us to tie a human onto the turret and get the advantage of two kinds of brains on every problem.

Lately I've been working on an automated decoder creator. It has a register allocator, a specialized intermediate language, etc. The weird thing is that it actually works - you can create an infinite number of decoders that pass a simple [tolower(),\r,\n,\x00] filter. But with a few more lines of Python, everyone who can double-click can take advantage of that....

Anyways, there's a movie here: http://www.immunitysec.com/documentation/vs_niprint.html

Let me know what you think!

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEcu9stehAhL0gheoRAjR4AJ9Bohv1tMYd0s+OmTmRyTqhqauHvQCfRa1f
3b/ulrIGi0BHl4gX5h6Jrp4=
=OAa6
-----END PGP SIGNATURE-----
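The [tolower(),\r,\n,\x00] filter Dave mentions is the kind of constraint an encoder/decoder pair has to satisfy: every byte of the decoder stub and of the encoded payload must survive the target's input handling unchanged. The following is an added example, not code from Immunity's decoder creator or from anyone in this thread. It models that filter (a byte is unusable if tolower() would rewrite it, i.e. 'A'..'Z', or if it is \x00, \r or \n), reports the offsets a raw payload would be mangled at, and searches for a single-byte XOR key under which both the key and the whole encoded payload pass. The filter model, the sample payload and the function names are all assumptions made for the example; it covers only the encoding side and does not emit a decoder stub.

```python
# Added example: modelling a [tolower(), \r, \n, \x00] filter and finding an
# XOR encoding whose output survives it. Not Immunity's tool; the filter
# semantics below are an assumption made for illustration.

from typing import List, Optional, Tuple

# Bytes the filter rejects outright (string terminator and line endings).
BAD_BYTES = {0x00, 0x0A, 0x0D}
# Bytes tolower() would rewrite, so they cannot appear verbatim either.
UPPER = set(range(ord("A"), ord("Z") + 1))


def byte_survives(b: int) -> bool:
    """True if the filter passes byte b through unchanged."""
    return b not in BAD_BYTES and b not in UPPER


def filter_violations(data: bytes) -> List[Tuple[int, int]]:
    """Return (offset, byte) pairs that the filter would strip or rewrite.

    An empty list means the buffer reaches the target intact.
    """
    return [(i, b) for i, b in enumerate(data) if not byte_survives(b)]


def find_xor_key(payload: bytes) -> Optional[int]:
    """Search for a single-byte XOR key such that the key byte itself (which a
    decoder stub has to carry) and every encoded payload byte survive the filter.
    Returns the smallest such key, or None if no single-byte key works."""
    for key in range(1, 256):
        if not byte_survives(key):
            continue
        if all(byte_survives(b ^ key) for b in payload):
            return key
    return None


def xor_encode(payload: bytes, key: int) -> bytes:
    """Encode (and, since XOR is its own inverse, decode) payload with key."""
    return bytes(b ^ key for b in payload)


def encode_for_filter(payload: bytes) -> Tuple[Optional[int], bytes]:
    """Pick a key and return (key, encoded). encoded is empty when no key fits."""
    key = find_xor_key(payload)
    if key is None:
        return None, b""
    return key, xor_encode(payload, key)


if __name__ == "__main__":
    # Constructed sample payload containing every byte class the filter rejects.
    raw = b"\x00\r\nA" + b"hello"
    print("raw violations:", filter_violations(raw))
    key, enc = encode_for_filter(raw)
    print("key: %#x encoded: %r" % (key, enc))
    print("encoded violations:", filter_violations(enc))
    assert xor_encode(enc, key) == raw
```

A real decoder stub has the same constraint applied to its own machine code, which is why Dave's tool needs a register allocator and an intermediate language rather than a fixed template: the instruction bytes, not just the key, have to be chosen so the whole thing passes the filter.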
Current thread:
- VisualSploit redux Dave Aitel (May 23)
- Re: VisualSploit redux Burns Bryan (May 23)
- Re: VisualSploit redux H D Moore (May 23)
- Re: VisualSploit redux Bas Alberts (May 23)
- <Possible follow-ups>
- VisualSploit redux Damian Gomez (May 23)