Strategic Surprise

1. Strategic Surprise
2. My name is Nico Waisman and I have an obsession
3. The Past
4. Once upon a time in Mexico...
5. Advanced Doug Lea's malloc exploits / Vudo - An object superstitiously believed to embody magical powers / Once upon a free()
6. Wuftpd glob/site exec / Gobbles openssh exploit (FUCKYOUTHEO) / Pserverd - 4c1db1tch3z / Solar Designer Netscape JPEG exploit
7. Understand your exploitation domain
8. Reverse, Reverse and Reverse a little bit more
9. Debug, Debug and Debug a little bit more
10. Five Ws
11. The Present
12. Why is HD Moore Sad? Disclaimer: The imagery used in this Slide may have been altered or modified to some degree from the original image
13. Exploits are hard...
14. When was the last time you saw a real public exploit?
15. Bindiff Exploits
16. Post Mortem Exploits
17. Dry Humping Exploits
18. Excitement / Success / Deception / Faith / Depression
19. Hope is not a Business Plan
20. Exploits are hard... ...but it was always being
21. DEP SafeSEH ASLR Code Security Cookies Metadata encryption
22. The Element of Surprise
23. Team vs Individuals
24. Researchers
25. You don't need a researcher, you need a unicorn
26. Programmer
27. LAB
28. Management
29-30. Windows 2000 / Windows Vista
    Windows 2000:
      1d: Triggering the bug
      2-4d: Understanding the heap layout
      2-5d: Finding Soft and Hard Memleaks
      5-8d: Finding a reliable Write4
      1-2d: Function Pointers and Shellcode
    Windows Vista:
      1d: Triggering the bug
      1-2d: Understanding the heap layout
      2-5d: Finding Soft and Hard Memleaks
      10-30d: Overwriting the correct memory
      2-5 days: Function pointer and Shellcode
31. Protection never target what we always aim for...
32. Bug classes die / Primitives don't
33. Nowadays exploitation techniques are crumbs of the 90s great banquet
34. There are No Surprises
35. Questions? [email protected] @nicowaisman