Dailydave mailing list archives
RE: "So now we have two large organizations using what I like to call a 'two time pad'"
From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Wed, 4 Aug 2004 10:31:59 -0400
My speech blew. After the wireless in my room failed to give me the ability to connect to the demo machines, my speech just crashed. My pacing was all off and my material was about 20 minutes too short without the demos.

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of H D Moore
Sent: Tuesday, August 03, 2004 3:11 AM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] "So now we have two large organizations using what I like to call a 'two time pad'"

Dropping my $0.02 (inline).

On Monday 02 August 2004 18:29, dave wrote:
> Advanced Return Address Discovery using Context-Aware Machine Code
>
> I only caught the tail end of this talk, enough to ask my question (see
> previous messages on this list). I'll freely admit to not understanding
> the answer. I heard the talk was good though.

The demo gods unleashed their wrath on this talk as well; apparently the demonstration of the context/tracing engine broke at the last minute. It would be interesting to see what the practical benefit is to this technique when compared against smart opcode-scanning (ala msfpescan). The example given was a return address which ran through 91 instructions before returning back to the desired register. I guess it depends on the exploit and what you have to work with, I haven't seen a case where this level of complexity was required. It would be nice to be proved wrong on this point though; return

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave