Document: Writing security tools and exploits ppt


Document information

[...]... Chapter 1 Writing Exploits and Security Tools

Chapter Details:
■ The Challenge of Software Security
■ The Increase of Exploits
■ Exploits vs Buffer Overflows
■ Definitions
Summary
Solutions Fast Track
Frequently Asked Questions

Introduction

Exploits. In most information technology circles these days, the term exploits has become synonymous...

... vulnerability analysis, and he has published numerous advisories and papers on Windows security.

Contents
Chapter 1 Writing Exploits and Security Tools
  Introduction
  The Challenge of Software Security
  Microsoft Software Is Not Bug Free
  The Increase in Exploits via Vulnerabilities
  Exploits vs Buffer Overflows...

... (such as FTP and Web clients), and all local applications that include media players and console games. One wonders how many of these vulnerabilities are spawned from poor architecture, design versus, or implementation. Oracle’s Larry Ellison has made numerous statements about Oracle’s demigod-like security features and risk-free posture, and in each...

Go with the Flow… Vulnerabilities and Remote Code Execution
The easiest way to be security famous is to find a Microsoft-critical vulnerability that results in remote code execution. This, complemented by a highly detailed vulnerability advisory posted to a dozen security mailing lists, and BAM! You’re known. The hard part is making your name stick. Expanding...

... believe you will be an uber-hacker or exploit writer after reading this, but you will have the tools and knowledge afterward to read, analyze, modify, and write custom exploits and enhance security tools with little or no assistance.

The Challenge of Software Security
Software engineering is an extremely difficult task and of all software creation-related professions, software architects have quite possibly...

... impossible feat in itself. Gartner Research has stated in multiple circumstances that software and application-layer vulnerabilities, intrusions, and intrusion attempts are on the rise. However, this statement and its accompanying statistics are hard to actualize due to the small number of accurate, automated application vulnerability scanners and intrusion detection...

... monetarily tied information security skill.

Figure 1.1 A Typical Microsoft Security Advisor

Remote code execution vulnerabilities can quickly morph into automated threats such as network-borne viruses or the better known Internet worms. The Sasser worm, and its worm variants, turned out to be one of the most devastating and costly worms ever released...

... buffer overflow allows attackers to find and inject the exploit code on the remote targets. Afterward, that code copies itself locally and proliferates to new targets using the same scanning and exploitation techniques. It’s no coincidence that once a good exploit is identified, a worm is created. Additionally, given today’s security community, there’s a high likelihood...

... behavior. But we will sit back and watch.” In an e-mail exchange, a Phrack representative told TSG, “We have no link with this guy in any way, and we don’t even know his identity.” The hacked page also contained a derogatory reference to the Digital Millennium Copyright Act, or DMCA, the federal law aimed at cracking down on digital and online piracy. In addition,...

... in general and application-layer security research, network design, social engineering, and secure programming, including C, Java, and Lisp.

Blake Watts is a Senior R&D engineer with McAfee Foundstone and has previously held research positions with companies such as Bindview, Guardent (acquired by Verisign), and PentaSafe (acquired by NetIQ). His primary area of expertise is Windows internals and vulnerability .

Foster Vincent Liu
Writing Security Tools and Exploits

Syngress Publishing, Inc., the author(s), and any person.

PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370
Writing Security Tools and Exploits
Copyright © 2006 by Syngress Publishing, Inc. All

Date posted: 16/01/2014, 21:20
