Exploits in the Fast LaneExploits in the Fast Lane
New tool from Immunity promises to cut exploit development time by half
August 8, 2007
3:10 PM -- I love this time of year. No, not summer, but the weeks surrounding the Black Hat and DefCon conferences. It's during this time, more than any other part of the year, that we get a chance to see and test some of the most creative tools, exploits, and applications developed by the security research community.
One of the tools I've been looking forward to is the Immunity Debugger, an app which can analyze malware and reverse engineer applications for exploit development. According Immunity, the tool can cut exploit development time by 50 percent.
If Immunity's claims prove true, the tool could have an impact on the frequency of vulnerabilities discovered and exploits published in the coming months. Researchers could have more time to hunt for vulnerabilities if their exploit development time is halved.
The debugger was launched on Friday, during a presentation by Immunity's Damian Gomez at DefCon. Based on Immunity's track record, I think there's a good chance it will be a winner. I'll be interested to see how the security community reacts to it, since the current standard, IDA Pro, costs about $500, while Immunity Debugger is free.
Immunity Debugger has a good chance for broad acceptance. It is based on the source code from OllyDbg, a free tool that currently runs a close second to IDA Pro. According to a blog post by TippingPoint's Pedram Amini, all Immunity did was "purchase the OllyDbg source code, drop Python into it and create a slew of tools and libraries on top of it all."
Sounds like a winner to me.
-- John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
5 Reasons To Move your PKI Deployment to the Cloud