[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dailydave
Subject:    [Dailydave] More unethical haxing
From:       Dave Aitel <dave () immunityinc ! com>
Date:       2006-04-21 0:29:57
Message-ID: 44482785.3090306 () immunityinc ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So it's fun going up to an armed security officer and telling him
you're here to teach a class, and when he asks you the name of the
class, say "Unethical Hacking". He didn't even blink, which surprised
me. My favorite moments in class are always when people realize that
they can actually write exploits - they're not slaves to the system
anymore.

The other fun moment for me was showing them they could write
shellcode, by quickly writing one up in class. Just a simple WinExec
shellcode, but we went from "It'd be nice to have this to" "Working
API" in about a half hour. That's what I have to say to everyone who a
couple years back told me MOSDEF was over-engineered. :>

Some things aren't over-engineered enough, in my opinion. Like, here's
what I want in Ollydbg. I want to be able to click on an instruction
and a destination and say:

for i in range(0,maxint):
   eax = i
   emulate_program_until_address(destination) #or preferably just run
the program and restore state, but that's harder
   if eax<0x10000:
      print "Integer overflow found at value %x"%i

Python + debugger = fucking good debugger. I know brute-forcing like
that gives Sinan and Halvar hives, but it's the american in me: I like
to throw 500 pound bombs at small problems that a 5 pound brain should
fix.

Here's my link of the day:
theyellowbus.blogspot.com

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFESCeEB8JNm+PA+iURAvkVAJ0W5ZV+/uSUK23+PkDkak2Eool3WACgylQN
ZIJwhbNkYbMLh8CcX9h5zaI=
=jopl
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]