Topic: - on September 5, 2002 at 4:00:35 AM CEST
Exploit Modelling and Generalization
Exploit writing has been done for a long time, and a great deal of time and energy is spent on it. Yet most exploits are variations on the same principles. Even if we accept this as 'truth', we see that pieces of code are written from scratch time and time again, and the same calculations and techniques are performed over and over. The impact of this is twofold: first, a lot of energy is wasted, since the writing could have cost the author much less time; second, the author is usually satisfied with the result and has no plans to spend further effort on ease of use or reliability for something that is going to be fixed only a few days after the vulnerability has been disclosed. This paper tries to generalize exploitation principles and also strives to build a non-formal exploitation model for use in buffer overflow and format string exploit building.