
From Advisory to Exploit

satyr
Newbie
Posts: 41
Joined: Wed Aug 11, 2010 6:15 am
Post Wed Aug 11, 2010 6:24 am

From Advisory to Exploit

I recently read an article by the same name and am interested in knowing more about how exploits are created from advisories.

Kindly suggest the skill set, resources, forums/websites, and certifications which may help me in this endeavor.

Any suggestion in this direction would be really helpful, as I'm starting off with the limited information I have been able to collect.

Thanks
Knb15
Jr. Member
Posts: 50
Joined: Tue Feb 23, 2010 10:18 am
Post Wed Aug 11, 2010 5:19 pm

Re: From Advisory to Exploit

satyr wrote:
> I recently read an article by the same name and am interested in knowing more about how exploits are created from advisories.
>
> Kindly suggest the skill set, resources, forums/websites, and certifications which may help me in this endeavor.
>
> Any suggestion in this direction would be really helpful, as I'm starting off with the limited information I have been able to collect.
>
> Thanks

Hi Satyr, and welcome to the forums.

Personally I don't know the answer to your question. However, from being around for a few months I've noticed that you need to be a bit more descriptive in your request to get a better answer from the guys/gals that do know the answer.

It would be useful if you provided what your current skill level is, whether you have completed any certifications in the past, whether you have any programming knowledge (what languages you know or are familiar with), or experience in any computer-related fields.
satyr
Newbie
Posts: 41
Joined: Wed Aug 11, 2010 6:15 am
Post Wed Aug 11, 2010 11:37 pm

Re: From Advisory to Exploit

I'm currently working as a pentester... I have completed CEH.

I have been following tutorials for exploit development and reverse engineering, and I love the entire process of exploit development.

I want to become well versed in exploit development... right now I'm following tutorials... later I want to build my own exploits.

From what I have read, following advisories is one of the most logical ways to create zero-day exploits.

I want to know how people create zero-day exploits by following advisories... is there some site or reference material I can follow for a start?
dynamik
Recruiters
Posts: 1119
Joined: Sun Nov 09, 2008 11:00 am
Location: Mile High City
Post Thu Aug 12, 2010 12:06 am

Re: From Advisory to Exploit

You're probably going to be best off learning assembly. After that, The Shellcoder's Handbook and Hacking: The Art of Exploitation (2nd ed.) are good resources to take the next step.

The day you stop learning is the day you start becoming obsolete.
satyr
Newbie
Posts: 41
Joined: Wed Aug 11, 2010 6:15 am
Post Thu Aug 12, 2010 12:24 am

Re: From Advisory to Exploit

Great :)

I am currently following Peter Van's tutorial on exploits and Lena's tutorials on reverse engineering.

I'm thinking of doing a course for each one of them...

Any pointers about websites or forums to follow (along with this forum, of course :) )?
mesho
Newbie
Posts: 24
Joined: Tue Aug 10, 2010 8:01 am
Post Thu Aug 12, 2010 5:58 am

Re: From Advisory to Exploit

sil
Hero Member
Posts: 551
Joined: Thu Mar 20, 2008 8:01 am
Location: ::1
Post Thu Aug 12, 2010 7:57 am

Re: From Advisory to Exploit

I'm going to put these links in order for the learning aspect of it:

http://www.amazon.com/A-Bug-Hunters-Rea ... OHD6Y2DOLQ
http://cansecwest.com/slides06/csw06-sotirov.pdf
http://www.slideshare.net/guest9f4856/r ... -injection
http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf
http://www.metasploit.com/redmine/proje ... yToExploit

In order to understand how to create an exploit from a patch, you'd need to understand (drum roll) what was patched and why it was patched. To understand THAT, you will need a hefty amount of experience in assembly programming, period. There is no shortcut around this. If you can get through Lena's tutorials, I'd suggest moving on to "Microsoft Patching Internals" (http://www.openrce.org/articles/full_view/22). After that soaks in, move over to "Binary Diffing Heuristics" (http://www.openrce.org/forums/posts/82). How about starting there, then worrying about the tools?

I'm taking into account that we're talking MS-based patches here, as *nix-based patches are visible and MS's aren't. As for blogs to follow and sites to view:

OpenRCE
http://www.openrce.org

Some good legacy articles
http://maliciousattacker.blogspot.com/

Excellent articles from Aaron
http://dvlabs.tippingpoint.com/blog/

Veracode
http://www.veracode.com/blog/category/binary-analysis/

Nico!
http://eticanicomana.blogspot.com/

Dino
http://trailofbits.com/

Halvar
http://addxorrol.blogspot.com/

MUST follow... Reversing on this level is a royal pain and not for the impatient. As mentioned already, Pentest.Cryptocity is another must, beginning with "Reverse Engineering" (http://pentest.cryptocity.net/reverse-engineering/). I'd suggest you watch it over a few times, paying exact attention to what he is saying with regards to structure and discipline prior to even opening a tool.

Lastly, a "StumbleUpon" approach: http://www.reddit.com/r/ReverseEngineering/
satyr
Newbie
Posts: 41
Joined: Wed Aug 11, 2010 6:15 am
Post Sun Aug 15, 2010 10:51 pm

Re: From Advisory to Exploit

Whoa :O
Thanks a ton, mate, for the wonderful reply... I'm sure this will keep me, and anyone interested in the same, busy for quite a while :)

Cheers to you :D
