informa
/
Attacks/Breaches
News

Exploits in the Fast Lane

New tool from Immunity promises to cut exploit development time by half

3:10 PM -- I love this time of year. No, not summer, but the weeks surrounding the Black Hat and DefCon conferences. It's during this time, more than any other part of the year, that we get a chance to see and test some of the most creative tools, exploits, and applications developed by the security research community.

One of the tools I've been looking forward to is the Immunity Debugger, an app which can analyze malware and reverse engineer applications for exploit development. According Immunity, the tool can cut exploit development time by 50 percent.

If Immunity's claims prove true, the tool could have an impact on the frequency of vulnerabilities discovered and exploits published in the coming months. Researchers could have more time to hunt for vulnerabilities if their exploit development time is halved.

The debugger was launched on Friday, during a presentation by Immunity's Damian Gomez at DefCon. Based on Immunity's track record, I think there's a good chance it will be a winner. I'll be interested to see how the security community reacts to it, since the current standard, IDA Pro, costs about $500, while Immunity Debugger is free.

Immunity Debugger has a good chance for broad acceptance. It is based on the source code from OllyDbg, a free tool that currently runs a close second to IDA Pro. According to a blog post by TippingPoint's Pedram Amini, all Immunity did was "purchase the OllyDbg source code, drop Python into it and create a slew of tools and libraries on top of it all."

Sounds like a winner to me.

-- John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5