Strategic Surprise

847 views
779 views

Published on

Published in: Technology, Spiritual
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
847
On SlideShare
0
From Embeds
0
Number of Embeds
139
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Strategic Surprise

  1. 1. Strategic Surprise
  2. 2. My name is Nico Waismanand I have an obsession
  3. 3. The Past
  4. 4. Once upon a time inMexico...
  5. 5. Advance Dougs Leas malloc exploitsVudo - An object superstitiouslybelieved to embody magical powersOnce upon a free()
  6. 6. Wuftpd glob/site execGobbles openssh exploit(FUCKYOUTHEO)Pserverd - 4c1db1tch3zSolar Designer Netscape JPEG exploit
  7. 7. Understand yourexploitation domain
  8. 8. Reverse, Reverse andReverse a littlebit more
  9. 9. Debug, Debug andDebug a littlebit more
  10. 10. Five Ws
  11. 11. The Present
  12. 12. Why is HDMoore Sad?Disclaimer: The imagery used in this Slide may have been altered or modified to some degree from theoriginal image
  13. 13. Exploits are hard...
  14. 14. When was the last timeyou saw a realpublic exploit?
  15. 15. Bindiff Exploits
  16. 16. Post Mortem Exploits
  17. 17. Dry Humping Exploits
  18. 18. ExcitementSuccess Deception Faith Depression
  19. 19. Hope is not aBusiness Plan
  20. 20. Exploits are hard... ...but it was always being
  21. 21. DEP SafeSEHASLR Code SecurityCookies Metadata encryption
  22. 22. The Element of Surprise
  23. 23. Team vs Individuals
  24. 24. Researchers
  25. 25. You dont need a researcher,you need a unicorn
  26. 26. Programmer
  27. 27. LAB
  28. 28. Management
  29. 29. Windows 2000 Windows Vista 1d: Triggering the bug 1 d: Triggering the bug 2-4d: Understanding the heap layout 1-2d: Understanding the heap layout2-5d: Finding Soft and Hard Memleaks 2-5d: Finding Soft and Hard Memleaks 5-8d : Finding a reliable Write4 10-30d : Overwriting a the correct memory1-2d: Function Pointers and Shellcode 2-5 days: Function pointer and Shellcode
  30. 30. Windows 2000 Windows Vista 1d: Triggering the bug 1 d: Triggering the bug 2-4d: Understanding the heap layout 1-2d: Understanding the heap layout2-5d: Finding Soft and Hard Memleaks 2-5d: Finding Soft and Hard Memleaks 5-8d : Finding a reliable Write4 10-30d : Overwriting a the correct memory1-2d: Function Pointers and Shellcode 2-5 days: Function pointer and Shellcode
  31. 31. Protection never targetwhat we alwaysaim for...
  32. 32. Bug classes diePrimitives dont
  33. 33. Nowadays exploitationtechniques are crumbs of the 90 great banquet
  34. 34. There are No Surprises
  35. 35. Questions? nico@immunityinc.com @nicowaisman

×