
Re: [Full-disclosure] exploit frameworks

Subject: Re: [Full-disclosure] exploit frameworks
Date: Fri, 30 Sep 2005 03:19:51 -0400
There's additional value to an exploit framework for many penetration testing specialists: being able to write exploits faster sometimes makes it possible to impress clients with a shell, rather than simply showing them a POC crash. Having good shellcode libraries for various platforms is a nice side effect of a GUI hacking tool that most people don't take advantage of, but for the experts, it can really come in handy. This is true even within the Immunity team: having everyone able to use the heap APIs Nico creates makes us all better.

Realistically, most people who write exploits have their own library of tools - but there's always that first time when they think "Hey, I don't want to write a shellcode decoder for PPC today." and then they use CANVAS and if it works out, they warm up to having someone else do the grunt work for them so they can concentrate on exploiting whatever bug it is they're working on.

Frameworks are just that: things you build on top of. Some people build 0days, and for others, it's automation scripts that are custom to whatever client they're working on. But it's still down to the actual skill you bring to the table.

As a side note, having all your exploits in one API makes you able to do certain transformations on them. I released a presentation delivered at HITB yesterday here that demonstrates some other advantages relating to that:
http://www.immunityinc.com/downloads/nematodes.sxi


-dave

Bernhard Mueller wrote:
I agree with this. It's often much easier to find a bug than to exploit
it (see strange heap overflows and the like), and I also don't have the
time to spend days on disassembling and looking for attack vectors (and
I'm sure that other people will have more fun doing just that).
What I criticize is that *lots* of companies (at least here in my
vicinity) are selling cheap "vulnerability assessments" which actually
are nothing more than automated security scans. This leads to the
customer feeling safe when he's really wide open to attacks. Often,
these people's networks can be rooted in no time.
Sure, you don't have to be uber-31337 to do penetration tests (I'm
certainly not), but it should definitely go beyond the
"scan--+--google-for-exploit" approach.


regards,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/