RE: Lessons learned writing exploits

From: Mike.Ruscher@CSE-CST.GC.CA
Date: Thu May 09 2002 - 09:17:57 PDT


    This is a nice gesture by Core, but the slides are rather brief. Is there
    not a white paper or set of notes that might be more useful to the online
    audience?
    
    mgr
    
    
    Mike Ruscher
    IT Computer and Network Security Scientist
    I2, CSE/CST
    mgruscher@cse-cst.gc.ca
    Phone: +1 613 991-8040
    ED/C200
    http://www.cse-cst.gc.ca
    
    -----Original Message-----
    From: Iván Arce [mailto:core.lists.exploit-dev@core-sdi.com]
    Sent: Wednesday, May 08, 2002 4:12 PM
    To: vuln-devat_private
    Subject: Lessons learned writing exploits
    
    
    Hello all
    Our CanSecWest presentation titled "Lessons learned writing exploits"
    is now available at  www.corest.com/presentations/CanSecWest2002.htm
    
    For those that did not attend CanSecWest:
    you missed a great conference! Be there next year!
    
    Brief on the presentation:
    Over the past several months Gerardo Richarte (co-speaker at CSW2002)
    was fully dedicated to writing exploit code for our penetration testing
    tool, CORE IMPACT. We were aiming at what we arbitrarily termed
    "Professional Grade Exploit Code", that is, exploits that are easily
    maintainable, portable, reliable, work in almost all scenarios and fail
    safe (do not break things when they fail). In that process we learned a
    lot of things about how to write exploit code and identified some
    interesting concepts and approaches.
    Our CanSecWest presentation is our initial attempt at reporting these
    findings.
    
    -ivan
    
    ---
    
    "Understanding. A cerebral secretion that enables one having it to know
     a house from a horse by the roof on the house.
     Its nature and laws have been exhaustively expounded by Locke,
     who rode a house, and Kant, who lived in a horse." - Ambrose Bierce
    
    Ivan Arce
    CTO
    CORE SECURITY TECHNOLOGIES
    
    44 Wall Street - New York, NY 10005
    Ph: (212) 461-2345
    Fax: (212) 461-2346
    http://www.corest.com
    
    PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
    
    ----- Original Message -----
    From: Jonathan Bloomquist <core.lists.exploit-dev@core-sdi.com>
    To: <vuln-devat_private>
    Cc: <vuln-devat_private>
    Sent: Wednesday, May 08, 2002 2:09 PM
    Subject: Re: Publishing Nimda Logs - Summary
    
    
    >
    > --- "Deus, Attonbitus" <Thorat_private> wrote:
    >
    > > 4) Jonathan Bloomquist and others actively connect
    > > to offenders to send net
    > > messages to the console.  Pretty cool.
    >
    > I should clarify - that script was posted to slashdot
    > and I didn't write it.  I don't admin any production
    > web servers, just ones I build in my test environments
    > so I have not actually run that script.
    >
    > >
    > > Next Step:
    > > I will probably proceed with my project, taking into
    > > account the
    > > suggestions of the posters.  One thing now interests
    > > me more...
    > > In the vein of JBloomquist's post and another poster
    > > who said to
    > > reverse-patch the systems, I am willing to peek into
    > > Pandora's Box and
    > > explore that precise option-
    > > Waiting for an attack, and then reverse-patching the
    > > box.  Please don't
    > > tell me about the legal ramifications- I don't care
    > > about that yet.  What I
    > > would like to know is if anyone has such an animal,
    > > or how one would go
    > > about reverse-patching an attacking system-- I can't
    > > write that code, but
    > > would really like to try it out.
    >
    > I lean more to the side of shaming the admins into
    > fixing them than ignoring them.  However, sending a
    > message is one thing, but actually patching their box
    > is going a bit too far for me even if it is to help
    > them.  Warn 'em, shame 'em, scream at 'em, and mail
    > bomb their ISP until they take action, but make each
    > site patch themselves.
    >
    > "If we kill 'em they won't learn nuthin'."
    >
    >
    >
    
    
    --- for a personal reply use: Iván Arce <ivan.arceat_private>
    



    This archive was generated by hypermail 2b30 : Thu May 09 2002 - 13:46:51 PDT