Comments on "Expert: Miami: L'honneur est sauf!" (blog by Kostya, http://www.blogger.com/profile/13104454620092588028); comment feed last updated 2023-08-12. Four comments, in chronological order:

Matthew Wollenweber (https://www.blogger.com/profile/08462281652941920773), 2009-10-10 14:31 -04:00:

Thanks for the update on SMBv2. Could you discuss the strategies Immunity used to develop a successful and reliable exploit versus what other groups attempted?

Matthew Wollenweber, 2009-10-10 14:31 -04:00:

This comment has been removed by the author.

Kostya (https://www.blogger.com/profile/13104454620092588028), 2009-10-14 14:38 -04:00:

@Matthew: There was no strategy used but a better understanding of the vulnerable code involved (or to be more specific: *after* the vulnerable code).

A good hint that somebody didn't try to understand the code is seeing a request with pack('>L', readable) * 25, while 90% of the dwords packed are not even dereferenced. It simply means that there was a lack of effort in tracing and identifying which variables/parts of the packet are indeed used and how.

Nowadays, exploitation is less and less a matter of overwriting a saved EIP on the stack, and only a few people make the constant effort of learning new tricks and improvising in unknown situations.

I liked writing this exploit because it required a different way of thinking, yet it only took a few hours to find this way and understand it, then a few more days to get through everything, exhaustively.

Anonymous, 2009-11-24 12:12 -05:00:

Learned a lot.