Vulnerability Development mailing list archives
RE: Lessons learned writing exploits
From: Mike.Ruscher () CSE-CST GC CA
Date: Thu, 9 May 2002 12:17:57 -0400
This is a nice gesture by Core, but the slides are rather brief. Is there not a white paper or set of notes that might be more useful to the online audience?

mgr

Mike Ruscher
IT Computer and Network Security Scientist
I2, CSE/CST
mgruscher () cse-cst gc ca
Phone: +1 613 991-8040
ED/C200
http://www.cse-cst.gc.ca

-----Original Message-----
From: Iván Arce [mailto:core.lists.exploit-dev () core-sdi com]
Sent: Wednesday, May 08, 2002 4:12 PM
To: vuln-dev () securityfocus com
Subject: Lessons learned writing exploits

Hello all,

Our CanSecWest presentation titled "Lessons learned writing exploits" is now available at www.corest.com/presentations/CanSecWest2002.htm

For those that did not attend CanSecWest: you missed a great conference! Be there next year!

Brief on the presentation:

Over the past several months Gerardo Richarte (co-speaker at CSW2002) was fully dedicated to writing exploit code for our penetration testing tool, CORE IMPACT. We were aiming at what we arbitrarily termed "Professional Grade Exploit Code", that is, exploits that are easily maintainable, portable, reliable, work on almost all scenarios and fail safe (do not break things when they fail).

In that process we learned a lot of things about how to write exploit code and identified some interesting concepts and approaches. Our CanSecWest presentation is our initial attempt at reporting these findings.

-ivan

---
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house. Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse."
- Ambrose Bierce

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
44 Wall Street - New York, NY 10005
Ph: (212) 461-2345
Fax: (212) 461-2346
http://www.corest.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

----- Original Message -----
From: Jonathan Bloomquist <core.lists.exploit-dev () core-sdi com>
To: <vuln-dev () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, May 08, 2002 2:09 PM
Subject: Re: Publishing Nimda Logs - Summary

--- "Deus, Attonbitus" <Thor () HammerofGod com> wrote:
> 4) Jonathan Bloomquist and others actively connect to offenders to send net messages to the console. Pretty cool.

I should clarify - that script was posted to slashdot and I didn't write it. I don't admin any production web servers, just ones I build in my test environments, so I have not actually run that script.

> Next Step: I will probably proceed with my project, taking into account the suggestions of the posters. One thing now interests me more... In the vein of JBloomquist's post and another poster who said to reverse-patch the systems, I am willing to peek into Pandora's Box and explore that precise option - waiting for an attack, and then reverse-patching the box. Please don't tell me about the legal ramifications - I don't care about that yet. What I would like to know is if anyone has such an animal, or how one would go about reverse-patching an attacking system -- I can't write that code, but would really like to try it out.

I lean more to the side of shaming the admins into fixing them than ignoring them. However, sending a message is one thing, but actually patching their box is going a bit too far for me, even if it is to help them. Warn 'em, shame 'em, scream at 'em, and mail bomb their ISP until they take action, but make each site patch themselves. "If we kill 'em they won't learn nuthin'."

__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

--- for a personal reply use: Iván Arce <ivan.arce () corest com>