Strategic Surprise

Strategic Surprise Presentation Transcript

  • Strategic Surprise
  • My name is Nico Waisman and I have an obsession
  • The Past
  • Once upon a time in Mexico...
  • Advanced Doug Lea's malloc exploits; Vudo - An object superstitiously believed to embody magical powers; Once upon a free()
  • Wuftpd glob/site exec; Gobbles openssh exploit (FUCKYOUTHEO); Pserverd - 4c1db1tch3z; Solar Designer Netscape JPEG exploit
  • Understand your exploitation domain
  • Reverse, Reverse and Reverse a little bit more
  • Debug, Debug and Debug a little bit more
  • Five Ws
  • The Present
  • Why is HD Moore Sad? Disclaimer: The imagery used in this slide may have been altered or modified to some degree from the original image
  • Exploits are hard...
  • When was the last time you saw a real public exploit?
  • Bindiff Exploits
  • Post Mortem Exploits
  • Dry Humping Exploits
  • Excitement Success Deception Faith Depression
  • Hope is not a Business Plan
  • Exploits are hard... ...but they always have been
  • DEP SafeSEH ASLR Code Security Cookies Metadata encryption
  • The Element of Surprise
  • Team vs Individuals
  • Researchers
  • You don't need a researcher, you need a unicorn
  • Programmer
  • LAB
  • Management
  • Windows 2000:
      1d: Triggering the bug
      2-4d: Understanding the heap layout
      2-5d: Finding Soft and Hard Memleaks
      5-8d: Finding a reliable Write4
      1-2d: Function Pointers and Shellcode
    Windows Vista:
      1d: Triggering the bug
      1-2d: Understanding the heap layout
      2-5d: Finding Soft and Hard Memleaks
      10-30d: Overwriting the correct memory
      2-5 days: Function pointer and Shellcode
  • Protection never targets what we always aim for...
  • Bug classes die. Primitives don't
  • Nowadays exploitation techniques are crumbs of the 90s great banquet
  • There are No Surprises
  • Questions? nico@immunityinc.com @nicowaisman