Dailydave mailing list archives
VisualSploit redux
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 23 May 2006 07:18:04 -0400
So it was interesting to see how people in class today reacted to VisualSploit 1.0. Since it was the first time we'd ever had someone outside of Immunity use the tool, we had no idea what to expect. And, as always, people came from a wide array of backgrounds - from people who had been programming for thirty years, to people who had no programming experience at all.

Overall, although there were some minor bugs, I think everyone got a lot out of it. I think the concepts went across a lot faster because there was no need to teach an API or a language syntax at all. Even if someone is a master programmer, they're not necessarily a master at using your particular libraries, so they appreciate the GUI candy wrapper.

One thing I think is different about exploits written in a visual language is that they're much easier to debug. Someone comes and looks over your shoulder and they can immediately see exactly what it is you are doing. You can demonstrate a binary search and it's visually obvious what the algorithm is from the "code".

Of course, the simplicity is just the start for VisualSploit. Only when you have a structure like VS can you start to automate exploitation. We've been seeing a lot of advantage for the past few years from a tool Bas whipped up called "PDB", which is essentially a Python automated debugger for Windows. For advanced problems, you really NEED a powerful exploit development framework to even get close to a reliable exploit. But VS allows us to tie a human onto the turret and get the advantage of two kinds of brains on every problem.

Lately I've been working on an automated decoder creator. It has a register allocator, a specialized intermediate language, etc. The weird thing is that it actually works - you can create an infinite number of decoders that pass a simple [tolower(),\r,\n,\x00] filter. But with a few more lines of Python, everyone who can double-click can take advantage of that....

Anyways, there's a movie here: http://www.immunitysec.com/documentation/vs_niprint.html

Let me know what you think!

-dave
Current thread:
- VisualSploit redux Dave Aitel (May 23)
- Re: VisualSploit redux Burns Bryan (May 23)
- Re: VisualSploit redux H D Moore (May 23)
- Re: VisualSploit redux Bas Alberts (May 23)
- VisualSploit redux Damian Gomez (May 23)
