Penetration Testing mailing list archives
Re: Good advice: Learn Assembly
From: Jan Muenther <jan.muenther () nruns com>
Date: Sat, 16 Aug 2008 20:43:05 +0200
Hi,
I have a personal goal of learning how to find vulnerabilities with fuzzers and code POCs (preferably in Python).You will need assembly knowledge in order to write exploits, not primarily to write shellcode, but rather to get to the point where that shellcode is executed at all. As of the shellcode itself, indeed, there's plenty of great code around, and metasploit's a fabulous resource for that. Point is: Without understanding the inner functioning of the executable you're trying to exploit, you're not very likely to get your code executed in the first place.Now I've gotten the traditional advice of "learn assembly" from a couple of folks. I wonder if that is necessary these days. I always thought one needed to learn assembly to code shell code. With the capabilities of Metasploit, I wonder if this is still true? Do you need to know assembly coding to decipher the output of disassemblers like IDA Pro or debuggers like Olly?
-- Jan Muenther, CTO Security, n.runs AG jan.muenther () nruns com ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Good advice: Learn Assembly Jim Kelly (Aug 16)
- Re: Good advice: Learn Assembly Jan Muenther (Aug 16)
- Re: Good advice: Learn Assembly Joel Jose (Aug 16)
- Re: Good advice: Learn Assembly Micheal Cottingham (Aug 16)
- Re: Good advice: Learn Assembly Omar Herrera (Aug 16)
- Re: Good advice: Learn Assembly Colin Copley (Aug 17)
- Re: Good advice: Learn Assembly Sanjay R (Aug 17)
- RE: Good advice: Learn Assembly John Vill (Aug 19)