How Can I Discover An Exploit?
Posted 04 January 2011 - 03:24 PM
What I do know is that it will be really hard.
Posted 04 January 2011 - 05:53 PM
Then read up on exploitation of what you are specifically trying to exploit to get some idea of how other people have done it then go from there.
Posted 05 January 2011 - 07:06 AM
Finding and exploiting vulnerabilities in operating systems and software can be harder, but the impact is usually much greater. You need to understand how both the software and the operating system where it is installed work, how their security is implemented, what you could do to bypass it, and finally know the common types of vulnerabilities such as buffer overflows and perform research to try and find a vulnerability in the program. With this kind of vuln, usually the program will freeze and eventually crash, and that could be a potential indicator that you found an exploitable vuln. After that you will have to overcome both operating-system and software-specific security measures that protect against successful exploitation of vulnerabilities. These protections usually block code execution, so you can only crash the affected software upon exploiting a vuln, which is why you would need to bypass them. Luckily people have shared articles on how to defeat the protections. Just remember that public stuff usually gets known by vendors and they eventually patch their systems/software.
You should get yourself some vulnerable applications and a working exploit code (if the application has been patched, get the version that is still vulnerable) to see what happens, how it happens and what has been done to successfully exploit the vuln. That is a good start too.
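The post above names buffer overflows as the common vulnerability class to learn first and a crash as the tell-tale sign. As an added example (not code from the thread or from any of the posters), here is the textbook pattern side by side with its hardened form, plus a tiny harness in the spirit of "feed it inputs and see what breaks". The names `NAME_LEN`, `copy_bounded`, `greet_safe` and `run_harness` are this example's own, and the input strings are constructed for it.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_LEN 16  /* hypothetical fixed-size stack buffer */

/* The "before" form the thread describes: a fixed-size stack buffer filled
   with strcpy and no length check. It overflows as soon as strlen(name)
   reaches NAME_LEN. Shown for contrast only; the harness never calls it. */
void greet_unsafe(const char *name) {
    char buf[NAME_LEN];
    strcpy(buf, name);  /* writes past buf when the input is too long */
    printf("hello %s\n", buf);
}

/* Hardened copy: refuses input that would not fit (including the NUL).
   Returns 0 on success, -1 when src is too long for dst. */
int copy_bounded(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (n >= dst_len) return -1;   /* reject rather than truncate silently */
    memcpy(dst, src, n + 1);       /* n + 1 copies the terminating NUL */
    return 0;
}

/* Same greeting with the bounded copy; oversized input is reported, not crashed on. */
int greet_safe(const char *name) {
    char buf[NAME_LEN];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "rejected: %zu bytes does not fit in %d\n",
                strlen(name), NAME_LEN);
        return -1;
    }
    printf("hello %s\n", buf);
    return 0;
}

/* Constructed inputs: one short, one exactly at the limit (15 chars + NUL fits),
   one far past it. Returns how many inputs the hardened version rejected;
   with the unsafe version the third input would instead corrupt the stack. */
int run_harness(void) {
    const char *inputs[] = {
        "bob",
        "a_fifteen_char_",
        "this string is definitely longer than sixteen bytes",
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (greet_safe(inputs[i]) != 0) rejected++;
    }
    return rejected;
}

int main(void) {
    int rejected = run_harness();
    printf("%d input(s) rejected\n", rejected);
    return 0;
}
```

The point for a learner is the shape of the check, not the particular buffer: any time a length-unaware copy lands in a fixed buffer, the question a reviewer (or a fuzzer) asks is "what happens on the input one byte past the limit?", and the hardened version answers it explicitly instead of by crashing.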
Posted 05 January 2011 - 12:06 PM
Posted 10 January 2011 - 09:51 AM
I don't know if you have heard of this book, but apparently it's good.
I have the first print of this book. It's very good, but it does not cover webapp pentesting. Still a very good read on buffer overflows, ret2libc, format strings... stuff like that. Good intro into encryption too.
Come to think of it I think I'll buy latest print, should be interesting enough.
Posted 11 January 2011 - 12:49 PM