Dailydave mailing list archives
Re: Exploit writing thoughts
From: Marius <wishinet () googlemail com>
Date: Thu, 08 Apr 2010 13:45:23 +0200
Am 07.04.10 22:49, schrieb Nate Lawson:
In this case, it's worth doing some poking around before providing an estimate to see how fertile the particular software or hardware is. Time spent up front may save you much more later on.
Which leads back to sufficient vulnerability discovery and analysis. Applications that have exploitable bugs are very often of the same kind. So in general an application combining lots of features (via plugins e. g.) is likely to contain an exploitable entry point. Especially that plugin architecture leads to Halvar's "IKEA" problem. In general it's: the more efficient the analysis phase, the less likely it's to waste time with non-exploitable bugs. - But having to analyze multiple targets and to combine effectively nowadays seems to be the way to go. -- Marius crazylazy.info
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploit writing thoughts dave (Apr 07)
- Re: Exploit writing thoughts gilhespy (Apr 07)
- Re: Exploit writing thoughts Halvar Flake (Apr 07)
- Re: Exploit writing thoughts Nate Lawson (Apr 07)
- Re: Exploit writing thoughts Marius (Apr 09)
- Re: Exploit writing thoughts Nate Lawson (Apr 07)