• Like
  • Save
Strategic Surprise
Upcoming SlideShare
Loading in...5
×
 

Strategic Surprise

on

  • 770 views

 

Statistics

Views

Total Views
770
Views on SlideShare
636
Embed Views
134

Actions

Likes
0
Downloads
2
Comments
0

1 Embed 134

http://negativefoo.org 134

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Strategic Surprise Strategic Surprise Presentation Transcript

    • Strategic Surprise
    • My name is Nico Waismanand I have an obsession
    • The Past
    • Once upon a time inMexico...
    • Advance Dougs Leas malloc exploitsVudo - An object superstitiouslybelieved to embody magical powersOnce upon a free()
    • Wuftpd glob/site execGobbles openssh exploit(FUCKYOUTHEO)Pserverd - 4c1db1tch3zSolar Designer Netscape JPEG exploit
    • Understand yourexploitation domain
    • Reverse, Reverse andReverse a littlebit more
    • Debug, Debug andDebug a littlebit more
    • Five Ws
    • The Present
    • Why is HDMoore Sad?Disclaimer: The imagery used in this Slide may have been altered or modified to some degree from theoriginal image
    • Exploits are hard...
    • When was the last timeyou saw a realpublic exploit?
    • Bindiff Exploits
    • Post Mortem Exploits
    • Dry Humping Exploits
    • ExcitementSuccess Deception Faith Depression
    • Hope is not aBusiness Plan
    • Exploits are hard... ...but it was always being
    • DEP SafeSEHASLR Code SecurityCookies Metadata encryption
    • The Element of Surprise
    • Team vs Individuals
    • Researchers
    • You dont need a researcher,you need a unicorn
    • Programmer
    • LAB
    • Management
    • Windows 2000 Windows Vista 1d: Triggering the bug 1 d: Triggering the bug 2-4d: Understanding the heap layout 1-2d: Understanding the heap layout2-5d: Finding Soft and Hard Memleaks 2-5d: Finding Soft and Hard Memleaks 5-8d : Finding a reliable Write4 10-30d : Overwriting a the correct memory1-2d: Function Pointers and Shellcode 2-5 days: Function pointer and Shellcode
    • Windows 2000 Windows Vista 1d: Triggering the bug 1 d: Triggering the bug 2-4d: Understanding the heap layout 1-2d: Understanding the heap layout2-5d: Finding Soft and Hard Memleaks 2-5d: Finding Soft and Hard Memleaks 5-8d : Finding a reliable Write4 10-30d : Overwriting a the correct memory1-2d: Function Pointers and Shellcode 2-5 days: Function pointer and Shellcode
    • Protection never targetwhat we alwaysaim for...
    • Bug classes diePrimitives dont
    • Nowadays exploitationtechniques are crumbs of the 90 great banquet
    • There are No Surprises
    • Questions? nico@immunityinc.com @nicowaisman