Dailydave mailing list archives

Re: Latest HackInTheBox Conference Materials


From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Wed, 31 Dec 2003 15:51:34 -0600

The HITB staff is still incredibly busy, trying to sort out all of the 
financial cruft and organize the materials. They should have most of the 
materials online by the end of January.

LSD's presentation was an in-depth look at the DCOM interface, how to 
fingerprint the OS based on the available interfaces, and a basic review 
of two tools they developed.

Both of the tools presented were still being finalized at 6:00am the day 
of their talk; half of the members were up all night finishing slides and 
code (hell, so was I for the first two nights).

The first tool was called "fa" for flow analysis. IIRC it was a tool for 
easily tracing user-supplied RPC parameters through compiled binaries; it 
was able to detect format string and overflow bugs in this manner.

The second tool was an RPC interface decompiler (I forgot the name 
off-hand); it generated the appropriate C stubs to write a client for any 
RPC service, using just the executable. It used a number of techniques to 
scan for the RPC structures and followed pointers around the binary 
to determine the number and type of arguments for each function in the 
RPC service.

It will probably take them some time to get the code solid enough for a 
public release; the decompiler looked like it was a real bitch to write, 
mostly because of the different RPC types (different structures, 
different signatures, etc).

Er so yeah, loosen up the tin foil, the HITB stuff is all volunteer-based, 
with a core team of maybe 5 people who are making up silly excuses to 
their real employers so they can finish up the post-conference stuff :)

If anyone cares, the reason why the public metasploit v2.0 release is 
being held back is that I got a ton of development help at the last 
minute and am trying to sort out all the new features/bug 
fixes/organization structure. Hopefully I will have something available 
within the next two weeks; I really don't want to release until the 
underlying API for the exploit modules stops changing and some docs get 
written.

-HD
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave