Dailydave mailing list archives

Re: No sellout. was: RE: Lynn / Cisco shellcode


From: Holden Williamson <limeyhaqr () gmail com>
Date: Tue, 2 Aug 2005 18:14:15 -0300

> I think the major issues that Mike brought to light that most
> experienced people walked away from the presentation with
> (me included) were that there are ways to fool IOS's check_heaps
> function which preemptively reboots the device if something is
> amiss (usually thwarting most exploit attempts) and that the

Didn't FX@Phenoelit already cover this a year ago or more? If I
remember correctly he described the whole process as "basic
exploitation with a few tricky things".

> upcoming versions of IOS will make exploitation MUCH easier by
> creating aligned address space across multiple versions of IOS,
> which currently change with each /build/ of the software.

And if your exploits are primitive enough that they can't work around
not knowing exactly hard-coded where in memory they're aiming at with
their write4 then .... OH I get it. People are happy because suddenly
those with quasi-zero technical exploitation ability can write
exploits for Cisco hardware. Makes sense now.

<3

-holden