| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <433CE717.5070305@immunitysec.com> Date: Fri Sep 30 08:22:02 2005 From: dave at immunitysec.com (Dave Aitel) Subject: exploit frameworks There's additional value to an exploit framework for many penetration testing specialists: being able to write exploits faster sometimes makes it possible to impress clients with a shell, rather than simply showing them a POC crash. Having good shellcode libraries for various platforms is a nice side effect of a GUI-hacking-tool that most people don't take advantage of, but for the experts, can really come in handy. This is true even within the Immunity team: having everyone able to use the heap API's Nico creates makes us all better. Realistically, most people who write exploits have their own library of tools - but there's always that first time when they think "Hey, I don't want to write a shellcode decoder for PPC today." and then they use CANVAS and if it works out, they warm up to having someone else do the grunt work for them so they can concentrate on exploiting whatever bug it is they're working on. Frameworks are just that: things you build on top of. Some people build 0days, and for others, it's automation scripts that are custom to whatever client they're working on. But it's still down to the actual skill you bring to the table. As a side note, having all your exploits in one API makes you able to do certain transformations on them. I released a presentation delivered at HITB yesterday here that demonstrates some other advantages relating to that: http://www.immunityinc.com/downloads/nematodes.sxi -dave Bernhard Mueller wrote: > > i agree with this. it's often much easier to find a bug than to exploit > it (see strange heap overflows and the like), and i also don't have the > time to spend days on disassembling and looking for attack vectors (and > i'm sure that other people will have more fun doing just that). > what i criticize is that *lots* of companies (at least here in my > vicinity) are selling cheap "vulnerability assessments" which actually > are nothing more than automated security scans. this leads to the > customer feeling safe when he's really wide open to attacks. often, > these people's networks can be rooted in no time. > sure, you don't have to be uber-31337 to do penetration tests (i'm > certainly not), but it should definitely go beyond the > "scan--+--google-for-exploit" approach. > > regards, > >
Powered by blists - more mailing lists