1.

2. Exploit Frameworks 3. whoami David Calligaris

Senior Security Research @emaze.net

Penetration Tester

Exploit Writer

Code Auditor

Iplegion developer

4. Exploit ???What is an Exploit ??? 5. A framework ? 6. Why we need an Exploit Framework ?

Penetration Testing

IDS / IPS Testing

Exploit Portability

Fast Development

Funny / Study

7. Core Impact

Commercial Product (Core SDI)

No developer version

Windows

C++ & Python

Private Exploits

Powerful GUI

Easy to Use

8. Core Impact 9. Immunity Canvas

Commercial Product (Immunity Inc)

Windows / Linux / OSX

Pure Python

Private Exploits

0day Vulnerabilities

GUI

Additional 0days packs (Gleg - Argeniss)

10. Immunity Canvas 11. Metasploit III (msf3)

Open Source (MSF Licence)

Windows / Linux / OSX

Ruby / C / C++

Lot of Documentation

Beta GUI

Beta Web Interface

12. Metasploit III (msf3) 13. Metasploit IIILive Demo 14. Writing Exploits 15. How to get msf3 SVN How to get msf3 16. What We Need

Knowledge of Exploitation Techniques

Minimal Ruby Knowledge

Debugger (Ollydbg Windbg)

Funny

17. Exploit Analisi sidvault.rb 18. Attach OllyDbg 19. Find Offset With msf3 Utils 20. Find Offset With msf3 Utils 21. Find Offset With msf3 Utils 22. Take Control Of EIP 23. Take Control Of EIP 24. Check BadChars 25. Find A Valid Opcode 26. Find A Valid Opcode 27. Exploit 28. Exploit 29. Contacts David Calligaris [email_address] Send Your Resume We Are Hiring [email_address]