Dailydave mailing list archives
BOOM: WhitePhosphorus in CANVAS
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 31 Oct 2013 14:15:56 -0400
"WP", as it's known internally, is now almost completely integrated into CANVAS. I think we added something like 150 new exploits with the latest release. Not that, for me, it's about NUMBERS.

Someone asked on Twitter (I refuse to have real conversations in 140 chars - that kind of brevity is for shellcode, yo) how many client-side exploits in various attack tools rely on beating ASLR by loading a DLL that is not ASLR enabled. I can't think of any exploits in CANVAS that do that - I know our recent IE release does the whole corrupt->leak->parse->corrupt->DEPLIB chain to executing code, where you manipulate an internal JavaScript object so you can read memory, and build your exploit around that.

If you have to load Java to exploit your target, then something is always seriously wrong, although the Chinese did that one recently that used an old Word DLL, which is pretty cool. Obviously it helps if you have a SIGINT network and you know from HTTP headers and various other sources that your target network uses Word 2003. But CANVAS/MSF/CORE can't assume that.

-dave
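The post's point about non-ASLR DLLs has a straightforward defensive counterpart: audit which loaded modules on an endpoint actually opted in to randomisation. The following script is an added example, not code from the post or from CANVAS, and the PE images it checks are constructed header-only fixtures built in `build_minimal_pe` (assumed names; no real DLL is embedded). It reads the `DllCharacteristics` field of the optional header for `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` (ASLR) and `NX_COMPAT` (DEP), and also checks the COFF `IMAGE_FILE_RELOCS_STRIPPED` bit, because an image without relocation data cannot be rebased even when the ASLR flag is set. `scan_directory` applies the same check to real files on disk.

```python
import os
import struct

# Flags from the PE/COFF specification (winnt.h).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # module opted in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # module opted in to DEP
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def mitigation_flags(pe_bytes):
    """Parse the headers of an in-memory PE image and report its ASLR/DEP opt-ins."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    characteristics = struct.unpack_from("<H", pe_bytes, coff + 18)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe_bytes, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars = struct.unpack_from("<H", pe_bytes, opt + 70)[0]
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "dynamic_base": dynamic_base,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        # Without relocations the loader cannot move the image, so the flag alone is not enough.
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def scan_directory(root):
    """Walk a directory tree and list PE files that are not effectively randomised."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith((".dll", ".exe", ".ocx")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    flags = mitigation_flags(f.read(4096))  # headers fit in the first page
            except (OSError, ValueError, struct.error):
                continue
            if not flags["aslr_effective"]:
                findings.append((path, flags))
    return findings


def build_minimal_pe(dll_characteristics, coff_characteristics):
    """Constructed fixture: a header-only PE32+ image with the given flags (not a real DLL)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)   # e_lfanew: PE header follows the DOS header
    opt_size = 240
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, coff_characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    cases = [
        ("ASLR+DEP DLL", 0x0140, IMAGE_FILE_DLL),
        ("DLL without DYNAMIC_BASE", 0x0100, IMAGE_FILE_DLL),
        ("DYNAMIC_BASE set, relocations stripped", 0x0140,
         IMAGE_FILE_DLL | IMAGE_FILE_RELOCS_STRIPPED),
    ]
    for label, dc, cc in cases:
        print(label, mitigation_flags(build_minimal_pe(dc, cc)))
```

On a live system, run `scan_directory` over the install directories of the browsers and plugins in scope; a module that lands in `findings` is one whose load address is stable across reboots and therefore worth raising with its vendor or blocking via application control.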