-atlas wandering-
Bloggorama for breaking things

Tue, 16 Jan 2007

new Years(update);

Hey all,

Life is rockin'


I'm sittin' in my favorite coffeeshop, the morningstar76, soaking up all the smoke and other nasal inhalants, and thinking about how life is good. I have many things to type and little time to type them, so buckle your safety-belt, we're headin' for ludicrous speed.

vtrace/vdb


One of the reasons I'm fairly good mooded this fine evening is because of some fun I've been having with some new tools from Invisigoth. If you should be reading this entry you should know who Invisigoth is; for those of you still clueless, he's just about the 'leetest d00d I know (and I know some pretty amazing folk). Called "vdb" and "vtrace", Visi's new toys are comprised of a nearly full-Python debugger and debugging interface respectively. No, the "v" does not mean "visi", but one of the few names that could be better... "vulnerability". Visi wrote a nearly platform-independent debugging interface specifically for the purpose of finding and exploiting vulns. Yes, I know that all debuggers can be used to find vulns.... but how many of them have been written with that express intent?

vdb is a decent front-end for vtrace. It looks really sweet. (bugs cost extra... so don't complain) To be honest, I've not used it much, having been much more happy about vtrace.

vtrace is the programmatic debugging interface for Python. This means that some of the most fun schtuff you can do is now available in the best language available. I'm just getting the hang of programmatic debugging, having longed for such ever since teaching myself how to use GDB. No knocks on GDB, but it's kinda like having to learn a new language.... Why not just use Python? I say that vtrace is "nearly" platform independent. What that means is that Visi has written it to work on Linux, Windows, Mac, BSD, and Solaris. W0W, eh? On POSIX environments he wraps the native ptrace (and you can see a lot of ptrace-like thinking in the architecture). On Windows, he hooks dbghelp.dll and psapi. So whether you're hacking Windows or Linux, you can use the same interface. SWEET!

I like to use Python interactively. It's one of the best ways to be powerful from a commandline, even surpassing the power of BASH (yes, BASH is powerful... just ask psifertex about bruting crypto in BASH - the freak!). With python/vtrace, I can figure out what I'm thinking, then back up, and copy it all into a script and make it pretty (cmdline args, subs, etc..)

Programmatic debugging, however, is quite a trip. I'm just getting into it, but having my python objects handle breakpoints and notifications is pretty rockin. Visi told me at the start "think about what you want to do before you start..." Well, that's been tough until now because I haven't understood what I *can* do. But between tinkering, and playing with the example code he includes (thanks visi!) I'm getting the hang of it. Furthermore, since it's Python and he's released the .py files, I am able to understand the magic happening underneath (because I want to). Well done, my friend. Get vtrace and vdb here

job update


Y'all already know that I changed jobs about four months ago. The job is great. The travel is good, but not overwhelming. The folken are *exceptional*, allowing me to work beside some great names. I'm getting to hack at many different levels (and I mean MANY). Some of the work is using tools like Disass, vtrace, and IDA. Other work has used SysInternals Winders surface tools. Still other work has involved consulting about security architecture and pen testing (using other folkens' sploits... ew... ;)

teaching


Many of you know that I've done some teaching for SANS in the past. Well, I get to teach the Hacker Techniques course again in a couple months. I'm looking forward to that. Ed Skoudis has always maintained a great course, and they've added to the bene's yet again! This past revision of the course has included more, earlier hands-on (thanks to a lot of feedback!) and day three (Exploitation Day 1) even includes some hands-on Buffer Overflow and Format String Exception stuff! SWEET! Well done, Ed. Students don't need to be 'leet to understand it, which is the beauty and elegance of it all. Oh, and I submitted a Metasploit 3.0 module to exploit his hands-on binary :) There's a chance it'll find its way into the curriculum...

toplap


The end of November witnessed the passing of a very dear friend, affectionately known as Lady Arwen. Yes, my friends... Lady Arwen met her d00m much the way of the D0d0... kersplat into the ground. Arwen was a 2.8GHz/1GB/100GB/15.1" Dell Inspiron 1150 from about two years ago. And a wonderful laptop she has been. It was with great sadness that I had to put her to rest. She flew off the roof of the family van at about 50mph and took on dirt attempting to skip across a corn field between church and home. Only survivor (oddly enough) was the hard drive!

I first replaced her with a used Dell Latitude C640... nice machine, but PCMCIA was bad... and that was vital. I replaced that (after taking it back for a full refund) with an AMAZING machine with an ugly name. I was hit by a SHPAM (that's nearly-solicited email) about refurbed Toshiba QOSMIOs for a great deal. If you're not familiar with the QOSMIO, wow, it's awesome. 17.1" wide-aspect entertainment screen, TV tuner, remote, non-laptop sound, a built-in mediaplayer (ie. no OS boot required), and a short battery life. New batteries for me have to last at least 3.5-4 hours. At 1.5 hours it was unacceptable. After attempted fraud from an ebay auction, I found that my parents needed an upgrade and an entertainment center for the motorhouse. Nice.

Finally, I believe I've found my new mate. Since my wife already labels my computers "the other woman" I have to pick wisely, no? Just after Christmas I found an HP Pavilion DV6000t. "DV" means "entertainment center", although I opted out of the TV tuner and remote control. I need this for hacking, right? I don't have time for TV! Especially when I should be reversing. (I have a tower for recording shows - MythTV rox). The new machine is a 15.4" screen (nicer to my fellow plane-mates), CoreDuo/1.733/80GB/512MB. So it has a bubble-butt... who cares. I bought the 12-cell battery, and you can make fun of it all you want. I'm getting 4+ hours on a Dual-core machine... I love the screen and everything. Kubuntu seems to like it too. :)

cable/biz internet


I'm not sure all of you know this, but getting broadband to my home was no small feat. After being rejected by AT&T for the T1 line I ordered, I went searching for a candidate to get broadband in my area then wifi-bridge it back to my home. I pay, they play. While searching, I called Charter cable. Known for its headaches and infected machines, I was just trolling for somebody close enough to get me within 5-10 miles for the bridge. I supposed the sales guy a fool when he said they might be able to get directly to me... but I humored him. DSL and cable companies typically have responded with "You live WHERE?" whenever I've sought broadband in the past. Sure enough, the surveyor said "no dice" when he came out pre-install. To my great surprise, the cable main line ran right across the nearest road to me, but my private drive was too long for them to consider it. I asked him how much money "no dice" meant (I was desperate, and shocked at the new possibilities). He quoted me a rough estimate of $4k to install. Ouch. The actual estimate was just over $3800. Ouch... With a wrenching in my gut I told him to put in the order. He went to bat for me. Awesome guy... He came back with possible technical difficulties about power and signal.... I was nervous when he called back the next day. He called to tell me that the power wasn't a problem, and that his boss authorized some cost cuts, taking my costs down to about $3k-ish. When I asked if that was the best we could do, he suggested I run the line myself. The install would finish faster, cheaper, and be more reliable since I would trench and they would be hanging on power poles... which requires all sorts of permits, etc... Done. The next week I rented a trencher, had my heart-attack-recovering dad out to help, and we ran roughly 1300ft of underground cable. The installer was awesome as well. When he heard my story, and my costs, he did the install himself, at no additional cost to me... they normally contract out the work and charge the customer. SWEET!

The only bad part about Charter is their abysmal residential support, and the fact that they block ports inbound and outbound. Solution: pay extra for business Internet. Their business support is great (I got a guy out of MN who told me all about the infrastructure in my area, what routers and locations we hop through to get on the SONET, etc...) and I now have a static IP. Their offerings are still not great (I'm on 3M/1M for under $100/mo) but it's better than ISDN :)

refugees


The final temporal craziness in my world lately (aside from kids and stuff), my wife took on the responsibility for a refugee family. The local church owns the project, but my wife is the buck-stopper. This family is from Rwanda, and it's been awesome, and draining. Basically the project consists of paying some of the monetary costs, helping them get registered for health-stuff, social security, temporary assistance, ESL (English as a Second Language), helping them with housing, furnishing, and job-hunting. There are several "Coordinators" which are responsible for certain areas of the project, but it's all my wife's responsibility. I'm really proud of her, since she's normally crazy-averse. It's been plenty of that. :)

Typically, refugees are self-sufficient within 4-6 months (HOLY TEMPORAL LOBE BATMAN!). They're hard-working, and understand that it takes work to survive. I hope they can teach some Americans that while they're here. The family is great. The dad speaks Rwandan and French. I speak Spanish, so learning French was mind-bending as a crash course, but started to make a bit of sense after a week. They stayed with my family for the first week since they flew in just before Christmas... We didn't want them getting lost in the holiday shuffle.


Anyway, that's much of life lately. Sorry it's been so long. My two loyal fans will appreciate the update. The rest have probably already dropped my RSS feed... Here's to the two of you. ;)

OH! I have been busily working on Disass-2.3 and 3.0 (yes, I know, you haven't seen 2.1 or 2.2) and the @UtilityBelt has been getting some attention. Hopefully you'll see some of the vtrace fun in the next release. Disass-3.0 should have a new Python-based disassembler so objdump should no longer be necessary. Lots of other work going on. But those are the highlights.

Ciao,
@
