Re: VisualSploit redux

[Burns Bryan <bburns () juniper net>]

1) Best. Icons. Ever.

2) This is *really* cool.  This could cut exploit development time by  
a significant amount of time.  Now you just need a way to "export"  
these exploits into CANVAS for future use..

-Bryan

On May 23, 2006, at 4:18 AM, Dave Aitel wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So it was interesting to see how people in class today reacted to
> VisualSploit 1.0. Since it was the first time we'd ever had someone
> outside of Immunity use the tool, we had no idea what to expect.  
> And, as
> always, people came from a wide array of backgrounds - from people who
> had been programming for thirty years, to people who had no  
> programming
> experience at all.
>
> Overall, although there were some minor bugs, I think everyone got  
> a lot
> out of it. I think the concepts went across a lot faster because there
> was no need to teach an API or a language syntax at all. Even if  
> someone
> is a master programmer, they're not necessarily a master at using your
> particular libraries, so they appreciate the GUI candy wrapper.
>
> One thing I think is different about exploits written in a visual
> language is that they're much easier to debug. Someone comes and looks
> over your shoulder and they can immediately see exactly what it is you
> are doing. You can demonstrate a binary search and it's visually  
> obvious
> what the algorithm is from the "code".
>
> Of course, the simplicity is just the start for VisualSploit. Only  
> when
> you have a structure like VS can you start to automate exploitation.
> We've been seeing a lot of advantage for the past few years from a  
> tool
> Bas whipped up called "PDB" which is essentially a Python automated
> debugger for Windows. For advanced problems, you really NEED a  
> powerful
> exploit development framework to even get close to a reliable exploit.
> But VS allows us to tie a human onto the turret and get the  
> advantage of
> two kinds of brains on every problem.
>
> Lately I've been working on an automated decoder creator. It has a
> register allocator, a specialized intermediate language, etc. The  
> weird
> thing is that it actually works - you can create an infinite number of
> decoders that passes a simple [tolower(),\r,\n,\x00] filter. But  
> with a
> few more lines of Python, everyone who can double-click can take
> advantage of that....
>
> Anyways, there's a movie here:
> http://www.immunitysec.com/documentation/vs_niprint.html
>
> Let me know what you think!
>
> - -dave
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (MingW32)
>
> iD8DBQFEcu9stehAhL0gheoRAjR4AJ9Bohv1tMYd0s+OmTmRyTqhqauHvQCfRa1f
> 3b/ulrIGi0BHl4gX5h6Jrp4=
> =OAa6
> -----END PGP SIGNATURE-----