Penetration Testing mailing list archives

Re: Good advice: Learn Assembly


From: Jan Muenther <jan.muenther () nruns com>
Date: Sat, 16 Aug 2008 20:43:05 +0200

Hi,
> I have a personal goal of learning how to find vulnerabilities with fuzzers and code POCs (preferably in Python).
>
> Now I've gotten the traditional advice of "learn assembly" from a couple of folks. I wonder if that is necessary these days. I always thought one needed to learn assembly to code shell code. With the capabilities of Metasploit, I wonder if this is still true? Do you need to know assembly coding to decipher the output of disassemblers like IDA Pro or debuggers like Olly?

You will need assembly knowledge in order to write exploits, not primarily to write shellcode, but rather to get to the point where that shellcode is executed at all. As for the shellcode itself, indeed, there's plenty of great code around, and Metasploit's a fabulous resource for that. Point is: Without understanding the inner functioning of the executable you're trying to exploit, you're not very likely to get your code executed in the first place.

--
Jan Muenther, CTO Security, n.runs AG
jan.muenther () nruns com

