Intelligent debugging for VulnDev

Presented at DEF CON 15 (2007), Aug. 3, 2007, 5 p.m. (50 minutes)

Anyone who has ever developed an exploit will tell you that 90% of their development time was spent inside a debugger. As with all software engineering, the actual implementation language of the exploit is somewhat irrelevant. The exploit is merely a solution to a problem that was solved using your debugger of choice. Because a large percentage of your exploit development time is spent inside a debugger, the need for an exploit-development-oriented debugging framework becomes apparent. This framework should combine the readability of a GUI, the speed of a command line, and the flexibility of a scripting language. During this talk we will discuss various topics that are relevant to debugging in the context of exploit development. These topics include protocol analysis, runtime data type analysis, advanced heap structure and flow analysis, and bypassing protection mechanisms. Intelligent Debugging discusses how this process can be optimized, saving you both time and resources and ultimately resulting in a more reliable exploit.

Presenters:

  • Damian Gomez - Researcher, Immunity, Inc.
    Damian Gomez is a Security Researcher at Immunity, which he joined in February 2006, after five years as the Chief Security Officer at Informar Argentina S.A., where his responsibilities included internal security auditing, network design, and intellectual property management with watermarking technologies. Prior to Informar, Damian worked on secure networking infrastructure at the Comision Nacional de Comunicaciones. In addition to consulting services, Damian is an exploit developer for Immunity and is lead developer for Immunity's VisualSploit. Damian's current main project is the development of the vuln-dev oriented Immunity Debugger and its integration with Immunity's other frameworks. Damian is located in Argentina, South America.
