January 20, 2006 - Post-Exploit Automation
by Jeff Moss
I’m in. Now what? spoonm and company originally built a framework to research and automate advanced exploit techniques. Over time, they realized that the framework could go far beyond just the initial entrance vectors. At Black Hat Federal, spoonm and skape will talk about their new work advancing the state of the art in automated payload delivery. Watching them hide a VNC server inside your running text editor or the LSA service is pretty cool and scary at the same time.
by spoonm & skape, posted January 20, 2006
We have recently been on a new shellcode kick, but this time it's not about making them smaller. We're currently working on building very powerful new post-exploitation shellcode and toolkits, and a very powerful unified API to expose their functionality. This will allow us to diverge from pre-canned payloads, which will in turn allow users to quickly build powerful and portable post-exploitation tools. We have built strongly upon our Windows DLL injection, and are working on extending similar functionality to the land of Unix. We're also working hard on the next version of Metasploit, which follows this same philosophy of embeddability and extensibility, allowing users to build their own tools on top of our framework. Our previous work was all about exploit frameworks. In our new approach we are really building more of a hacker tool framework, allowing very strong automation and customization.
Worms are moving to the next generation, as evidenced by new research from Dave Aitel and Billy Hoffman... read more
Invisible Incidents, Invisible Risk
In this issue of the Black Page we will look at incident response. Kevin Mandia, a world-recognized leader of incident response research, points out that a responder must have skills at least equal to those of the attacker. One of the challenges of IR is discovering that there is an incident to begin with. If we only look for known attacks, we will only find the moderately skilled attackers—leaving us exposed to the truly skilled adversaries... read more
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules.