Dailydave mailing list archives

INFILTRATE Video Release! Ben Watson.


From: David Aitel <dave () immunityinc com>
Date: Tue, 29 May 2018 10:35:42 -0400

https://vimeo.com/269252626

Back to the future: Going back in time to abuse Android’s JIT, Benjamin
Watson, INFILTRATE 2018

There's a lot of different uses of "exploit-like" thinking, which is a
kind of rapid-fire scrappy engineering, like building a campsite before
darkness in the zombie-infested wilderness with only the tools you
brought with you, which consist of a pocket knife, some para-cord, and a
pile of soggy architectural diagrams of McMansions
<http://mcmansionhell.com/>.

I used to say that the ability to transfer a file from point A to point
B was the mark of an experienced hacker. This is harder than it sounds
<https://twitter.com/tehjh/status/979343415132467200> when doing so in
the wild!

But it is also true that locally upgrading your access from "Can execute
arbitrary JavaScript in local-domain", to "Can run arbitrary x86
shellcode", to "Can run any ELF binary" is real work, of the same type
of mindset. Likewise, establishing a useful minimal persistence
mechanism can be real work on a modern platform.

So if for whatever reason you missed out on INFILTRATE itself, or were
doing the CTFs during this talk, clicky clicky! :)


-dave




