Wednesday, April 23, 2014

"The Brain Stealer", Heartbleeding partial keys, etc.

One thing about bugs like Heartbleed is that they give you random memory contents. Sometimes these memory contents include an entire private key, and sometimes they do not. What can you do with a partial RSA key? Well, often you can use an SMT solver to solve for the rest of the key! How cool is that?

I mention this because it is something I did not know until yesterday, when Ronald walked me through part of the Immunity Master Class, which is being taught at INFILTRATE here in Miami next month (May 19th-23rd). And it's one thing to know that this is possible, but it's a whole different thing to have code to actually do it. 

That's why I love the Master Class: no matter how good you are, there is still a lot to learn in our industry, even at the most technical level, and it's often stuff you can put directly into your high-level research efforts.

I personally grew up on Unix hacking. There are dark corners of the Solaris operating system that I'll never forget, like my first girlfriend's foibles. But I didn't realize how poorly I really knew Unix until I saw how Ronald puts the entire Kernel and Userspace together in his head when writing an exploit. So I often sit in on the Master Class to learn Unix hacking from one of the few people who I know is empirically better at it.

And of course, when it comes to SMT solvers, the whole world is still learning where they can and cannot go. As part of that, Immunity did a DARPA project to work on something called ILLITHID, which finds vulnerabilities by doing symbolic execution.


And as of today, we're announcing that because we're going to be extensively using ILLITHID (click here to see it in action) in class, students will be eligible to receive a free student license (i.e. non-commercial) for ILLITHID to take home with them. This is currently the only way you can get ILLITHID, and frankly is worth the price of admission alone!

If you're interested, send an email to admin@immunityinc.com and sign up or ask us for more information! (A detailed description of the class and INFILTRATE itself is here.)

Thursday, April 17, 2014

"Unethical Hacking" Training available at INFILTRATE 2014!

One thing about the Unethical Hacking training happening at INFILTRATE 2014 is how technology investments have improved the way people learn buffer overflows. This class is pretty unique in that we've run hundreds of people through it who have only basic programming skills, and at the end of it they are doing assembly language, writing intermediate-level Windows buffer overflows, and have an accurate picture of how the process of taking a vulnerability to an exploit works.

Part of the secret is VisualSploit, and the 2.0 version is an amazing improvement. As you can see below, it runs within your browser, and you drag and drop the components into it to reflect your understanding of how the program stack is behaving. You're writing exploits, but naturally, without coding at all.



A simple example exploit from class - VisualSploit, Immunity Debugger and your brain are all the tools you need!


Some of the blocks wrap quite complex functionality and calculations, such as a jump from one block to another. This makes learning the whole process thousands of times easier for students who are not already assembly language experts, because it avoids hard-to-find typos.

A much more complex version of VisualSploit - coming up with the building blocks of an exploit can take four hours, but it's an intensely educational four hours!



So in summary, by taking the requirement that you know how to code Python or some other language out of the class, it more effectively and reliably teaches people how to write exploits. You come in knowing just a little bit about programming, and you walk out a completely changed person. I've seen it hundreds of times, which is why it's my favorite Immunity class to teach. It's less frustrating, and more fun, simply because we invested in the tools to make the learning process better.

So sign up or call us for more information!
infiltrate@immunityinc.com
(p) +1-786-220-0600