Black Hat, Day 2: DTrace, (un)Smashing the Stack, Cisco IOS Forensics
Day 2 is done and Black Hat is wrapped up. The second day of talks was power-packed with some really great presentations. Despite a wicked night of celebration after my successful talk, I still managed to turn up on time for the "DTRACE: The Reverse Engineer's Unexpected Swiss Army Knife" talk by my new friends Tiller Beauchamp and David Weston. This talk was especially interesting to me due to recent difficulties I had with trying to write exploit code for the iPhoto format string flaw that I recently reported. Being a new Mac user and trying to perform vulnerability research is a pain -- basically I was using gdb exclusively (there are probably a number of better ways) which was not a comfortable transition for someone who is primarily an OllyDbg user. One of the biggest difficulties I had with my iPhoto flaw was trying to determine where in the process space my user-controlled string was located. I met with David and Tiller on Day 1 at the bar and with three or four lines of probe code for DTRACE, we'd found everything we needed and were well on our way to developing exploit code.
So what is DTRACE?
- A kernel based dynamic tracing tool
- Can work in user-land and kernel-land, in fact it can do so at the same time
- Allows the creation of "probes" that give a great amount of control over what is going to be found
- Lots of other technical details, ask Sun or Tiller and David for more
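To make the "probes" idea concrete, here is a small D script of the kind the talk described: it attaches one user-land probe and one kernel-land probe to the same process at the same time, which is the combination the list above points out. This is an added illustration, not code from the post or from Tiller and David's talk; it assumes you run it with `sudo dtrace -s probes.d -p <pid>` against a process of your own, and that the target's C library exports `strlen` under that name (the function name is an assumption, the `pid` and `syscall` providers are standard DTrace).

```d
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the original post): one user-land probe and one
 * kernel-land probe watching the same process. $target is the pid passed
 * with -p. Assumes the target links a C library that exports strlen.
 */
#pragma D option quiet

/* user-land: fires on every call to strlen inside the target process;
   arg0 is the pointer argument, copyinstr() pulls the string into the kernel
   so we can print both the address and the contents it points at */
pid$target::strlen:entry
{
    printf("[user]   strlen(%p) -> \"%s\"\n", arg0, copyinstr(arg0));
}

/* kernel-land: fires when the same process enters the open(2) system call;
   the predicate restricts the probe to our pid instead of every process */
syscall::open:entry
/pid == $target/
{
    printf("[kernel] open(\"%s\")\n", copyinstr(arg0));
}

/* aggregate how often each user-land function above was hit, printed at exit */
pid$target::strlen:entry
{
    @calls[probefunc] = count();
}

END
{
    printa("%s called %@d times\n", @calls);
}
```

Each clause is a probe description (`provider:module:function:name`), an optional predicate in slashes, and an action block; the `@calls` aggregation shows the "great amount of control" the list mentions, since counting, filtering and printing all happen in the kernel without stopping the traced program the way a debugger breakpoint would.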