Backtrack Foo (From Bug to 0day) Defcon 16

In this video Mati of Backtrack fame runs us through the development of an exploit from the discovery to the actual shell code creation and the final exploitation phase. And all in 35 mins!

This is probably one of the best talks i have seen in recent times. One can clearly see why Mati is regarded as one of the best security professionals around. In this talk given at Defcon 16, titled "Backtrack Foo - From Bug to 0day", Mati runs us through an entire exploit development cycle using the windows based HP NNM system. He discloses that even though this was a serious exploit and many systems on the Interent remain unpatched, it was not even awarded an CVE.

The video starts with a port scan and a fuzzing exercise using which the exploit in the Ovas service on the HP NNM was discovered. The Ovas service is actually a web server running on the system. The rest of the exploit development process is done by using the Ollydbg utility. and how they manage to get a remote shell after trying out various different techniques.

A high resolution version of the video is available for download here.

Anonymous Submission