Future of Exploit Development - 2021 and Beyond

  • Published: 2 Oct 2024

Comments • 23

  • @gcm4312 3 years ago +8

    Thanks for the discussion guys. It's a bit sad, but we move along and find new fun ways to break stuff ;)

  • @selimeneskaraduman6935 3 years ago +3

    The video I was looking for, it's awesome :). Can you give an estimated time left for high-end products rather than in general? I mean, how much time is left for memory corruption exploits in high-end products like OSes, browsers (zero-day market products), etc.? Although they are the first to bring mitigations, the mitigations are bypassed since they are big & complex, etc. Ofc I'm specifically talking about memory corruption exploitation of them. Thanks

    • @dayzerosec 3 years ago

      I don't know, at the pace things move I'd still want to say a good 10-15 years at least. There is definite progress, but really it's going to stick around a while too. I think in the video I predicted something like 20 years for binary exploitation in general, but I think that was a bit too shortsighted of me. ~zi

  • @ma34529 3 years ago +1

    Great topic and great video, like always!

  • @TosterCx 3 years ago +4

    Sad :

  • @debarghyadasgupta1931 3 years ago +1

    Want to know about the 2 legends who disliked this video 😎

  • @tiger7914 3 years ago

    Thanks! Love the podcast.

  • @danielgx83 11 months ago +1

    These days it seems like you can either go and learn a bunch of exploits and payloads in BlackArch and Kali, or you can actually try to develop them, but both seem far too hard to really work with and study, because they break and stop working, or are very hard to manipulate while using them. And are they fit for hybrid environments? Like, what if you are trying to pentest an enterprise environment with 1000 users in a hybrid environment with SSO protection and MFA/2FA? It really has become too complex IMO.

  • @dghostdavid1508 2 years ago

    I've got to say this is the most hardcore hacking channel I've ever seen, GREAT JOB!!!

  • @flrn84791 3 years ago

    The ARM desktop already exists :P

  • @quochuy5918 3 years ago +1

    Is heap exploitation still going to be a thing in the future?

    • @dayzerosec 3 years ago +2

      I don't see why not. Vulnerabilities exist on the stack and the heap. There are a lot more potential issues with longer-lived memory on the heap than on the stack, which only lives as long as the stack frame does.

    • @quochuy5918 3 years ago +1

      @@dayzerosec thanks for your reply and video!

  • @Allahuakbarukabera 3 years ago +1

    Is there any hope of having a kernel exploit for 8.03 in the future?

  • @CypElf 3 years ago

    Thanks

  • @husseinhayder836 1 year ago

    Will mobile phone penetration end in the future?

    • @dayzerosec 11 months ago

      I'm not sure, but it does feel like mobile systems are in the strongest position to actually do so, with the rapid development pace for the software and hardware and active work being done to make vulnerabilities less impactful. I doubt things will reach a point where there are no mobile attacks at all; even as things are secured against various attacks, there are still just human errors and issues thinking through things that can lead to bugs, and those will remain because they are not technical but logical issues. ~zi

    • @husseinhayder836 11 months ago

      @@dayzerosec I mean, will it end and there is no way to hack phones, or will it be very difficult?

  • @luciferg3587 3 years ago

    I'm really confused about how to start exploit development...
    What should I do once I get a good grasp on C and assembly?
    Also, what resources should I refer to, as you all said that the present resources don't focus on modern issues?

    • @dayzerosec 3 years ago +7

      I don't entirely agree with only focusing on resources that focus on modern issues. For example, most modern exploits don't really require writing custom shellcode anymore. DEP kind of killed that off; instead, code-reuse attacks are used to find little pieces of existing code and chain them together to do what your shellcode would have done. To do that you still need to understand how you might craft your shellcode, but you do it with the pieces you're given from the program instead of any assembly you want, so you need to be more creative. So skipping ahead to just learn ROP chains or something could perhaps be done, but you're missing out.
      This is true in a lot of areas: the older exploits might not be how things are done anymore, but modern stuff builds off the older ideas, and it helps to understand where we came from.
      I have a blog post that talks about my opinion on getting started: dayzerosec.com/blog/2021/02/02/getting-started.html with a number of resources. Though if you just want something streamlined that is a bit more modern-focused, check out pwn.college ~zi
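
The reply above says DEP killed off injected shellcode and that code-reuse chains exist to do what the shellcode would have done. The following is an added example, not code from dayzerosec or the video, that makes the DEP/W^X half of that concrete: it writes a constructed "return 42" machine-code stub into a freshly mapped page, confirms through /proc/self/maps that the page carries no execute bit, and only gets the stub to run after an existing function (mprotect) flips the page to read+execute. In a real exploit that mprotect call is exactly the kind of step a ROP chain is built to reach, since the attacker cannot run injected code to make the call themselves. It assumes Linux (for /proc/self/maps) on x86-64 or AArch64; the stub bytes, function names and page-size handling are all mine.

```c
/* Added example (not dayzerosec's code): injected bytes are data until an
 * existing function makes them code. Assumes Linux on x86-64 or AArch64. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine-code stub that returns 42, in the host's native encoding. */
#if defined(__x86_64__)
static const unsigned char STUB[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };          /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char STUB[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
#else
static const unsigned char STUB[] = { 0 }; /* unsupported arch: inject_then_flip_to_rx() returns -2 */
#define STUB_UNSUPPORTED 1
#endif

/* Find the mapping containing addr in /proc/self/maps and copy its permission
 * field (e.g. "rw-p", "r-xp") into perms. Returns 1 if found, 0 otherwise. */
int mapping_perms(const void *addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    char line[512];
    uintptr_t a = (uintptr_t)addr;
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char p[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) != 3) continue;
        if (a >= lo && a < hi) { memcpy(perms, p, 5); found = 1; break; }
    }
    fclose(f);
    return found;
}

/* Returns 1 if a fresh read/write anonymous page is also executable, 0 if the
 * kernel enforces W^X on it (the DEP case), -1 if mmap fails. */
int rw_page_is_executable(void)
{
    long ps = sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    char perms[5] = {0};
    int exec = mapping_perms(page, perms) && perms[2] == 'x';
    munmap(page, ps);
    return exec;
}

/* Shellcode-era pattern: copy code into writable memory. Under W^X that memory
 * is not executable, so the only way to run it is to get existing code
 * (mprotect here) to change the permissions first; a ROP chain exists to reach
 * exactly this kind of call. Returns the stub's result (42), -1 on failure,
 * -2 on an architecture the stub is not encoded for. */
int inject_then_flip_to_rx(void)
{
#ifdef STUB_UNSUPPORTED
    return -2;
#else
    long ps = sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, STUB, sizeof STUB);           /* "inject" the shellcode as plain data */

    if (mprotect(page, ps, PROT_READ | PROT_EXEC) != 0) { munmap(page, ps); return -1; }
    __builtin___clear_cache((char *)page, (char *)page + sizeof STUB); /* needed on AArch64 */

    char perms[5] = {0};
    if (!mapping_perms(page, perms) || perms[2] != 'x') { munmap(page, ps); return -1; }

    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);             /* data pointer -> code pointer without a cast warning */
    int rv = fn();
    munmap(page, ps);
    return rv;
#endif
}

int main(void)
{
    printf("fresh RW page executable? %d\n", rw_page_is_executable());
    printf("stub result after mprotect flip: %d\n", inject_then_flip_to_rx());
    return 0;
}
```

Compile with `cc -O0 -o wx wx.c` and run it; on a stock Linux system the first line prints 0 and the second prints 42. Replacing the mprotect call with nothing and jumping straight into the page is the classic 2000s exploit, and on a DEP-enabled system it faults, which is the whole reason the chain of existing code has to come first.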

  • @Allahuakbarukabera 3 years ago

    I got your 7.55 exploit, thank you. We love your exploits ❤️

  • @testme7073 3 years ago

    What about viruses and rootkits?

    • @dayzerosec 3 years ago +1

      I'll preface this by saying malware is not an area I'm well versed in. While viruses and rootkits might depend on exploits for their initial foothold and privilege escalation, I don't think they'll face the same challenges that binary-level exploitation will, because apart from those couple of points, malware is just software. Some of the obfuscation, hooking and injection tricks might change due to exploit mitigations, but on the whole I don't think we are too close to seeing malware disappear. Even if binary exploitation disappeared, there are other types of exploits that can fill the gap for the needs of malware.
      That said, there have been mitigations introduced that I'm less familiar with that don't target exploits but target the persistence and evasion techniques used by malware, largely by enforcing or validating the integrity of various structures or the code itself. These will present a challenge, but it's a lot harder to eliminate, because ultimately it's just software with a malicious purpose and you can't entirely eliminate software; they can make the persistence and access/isolation difficult though.