Dailydave mailing list archives
More unethical haxing
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 20 Apr 2006 20:29:57 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So it's fun going up to an armed security officer and telling him you're here to teach a class, and when he asks you the name of the class, say "Unethical Hacking". He didn't even blink, which surprised me. My favorite moments in class are always when people realize that they can actually write exploits - they're not slaves to the system anymore. The other fun moment for me was showing them they could write shellcode, by quickly writing one up in class. Just a simple WinExec shellcode, but we went from "It'd be nice to have this to" "Working API" in about a half hour. That's what I have to say to everyone who a couple years back told me MOSDEF was over-engineered. :> Some things aren't over-engineered enough, in my opinion. Like, here's what I want in Ollydbg. I want to be able to click on an instruction and a destination and say: for i in range(0,maxint): eax = i emulate_program_until_address(destination) #or preferably just run the program and restore state, but that's harder if eax<0x10000: print "Integer overflow found at value %x"%i Python + debugger = fucking good debugger. I know brute-forcing like that gives Sinan and Halvar hives, but it's the american in me: I like to throw 500 pound bombs at small problems that a 5 pound brain should fix. Here's my link of the day: theyellowbus.blogspot.com - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFESCeEB8JNm+PA+iURAvkVAJ0W5ZV+/uSUK23+PkDkak2Eool3WACgylQN ZIJwhbNkYbMLh8CcX9h5zaI= =jopl -----END PGP SIGNATURE-----
Current thread:
- More unethical haxing Dave Aitel (Apr 22)