Full Version: NEWS
Shaddy
DO NOT REPLY TO THIS POST; ANY REPLY WILL BE IMMEDIATELY DELETED

Immunity Debugger v1.0

A new debugger has been released. It has the same engine as OllyDBG (it seems Oleh Yuschuk sold his sources), but under the name Immunity Debugger this new release starts at version 1.0.


Immunity Debugger v1.0 (DOWNLOAD)

Here is a snapshot so you can see it:



and a brief description:

CODE
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

- A debugger with functionality designed specifically for the security industry
- Cuts exploit development time by 50%
- Simple, understandable interfaces
- Robust and powerful scripting language for automating intelligent debugging
- Lightweight and fast debugging to prevent corruption during complex analysis
- Connectivity to fuzzers and exploit development tools


Personally I liked it, and the new flow diagram it includes is very good. The fact that it can interact with Python is excellent for exploit writers, since it would save a lot of work for those who do not use IDA as much and do use OllyDBG.

Regards...
Shaddy
WARNING: BE CAREFUL WITH IMMUNITY DEBUGGER

Possible backdoor suspected

Certain sources mention a "backdoor" (it is not a trojan, it simply collects information from your machine) in this debugger. The version released by the company Immunity ES would collect information about programs with possible vulnerabilities and thus compete directly with CORE, a large security company that, like Immunity, has a vulnerability analysis program (CORE Impact, and CANVAS (Immunity ES)); they would therefore gain privileged information about new vulnerabilities in programs and be able to write and release exploits before everyone else. As I already said, this debugger was focused above all on exploits.

I quote the source of the information:

QUOTE
Infosec researchers with the Greater Alliance of PHP
Programmers, headed by goudatr0n and in cooperation
with David Marcus, have discovered a backdoor in the
new Immunity Debugger.

1. PRODUCTS AFFECTED
Immunity Debugger (Immunity Security,
http://www.immunitysec.com/products-immdbg.shtml), All
Versions

2. OVERVIEW
The Immunity Debugger contains a backdoor that emails
session history, running applications and other system
information (location, IP address, machine Owner Name)
to
an email address at immunitysec.com

3. ANALYSIS
Immunity Security provides a lightweight debugger for
Windows, presumably to aid in discovering 0-day
security vulnerabilities. The debugger is distributed
freely on
the immunitysec.com website, requiring the user to
register when they download it.

Presumably, this debugger is intended to be used by
people searching for weaknesses in various proprietary
products, due to the unsafe nature of how they are
developed, where the source is not frequently audited. Since
David Aitel is an attention whore who only is rivaled
by Gadi Evron, and his lack of skills as evident,
Immunity
Security is only able to reveal 0-days by stealing
them from other hackers attempting to find them.

The backdoor emails detailed system information, along
with detailed debugging session information. In one
such email that was intercepted, it was seen that the
entire session was attached, as well as the Owner Name,
external IP address, a list of running services and
their versions.

4. SOLUTION
Do not trust Immunity Security's debugger. They will
steal your 0-day and parade it around like they are
the ones who discovered it. This will only continue to
feed into David Aitel's massive ego, compensating for his
tiny penis.

BROUGHT TO YOU BY GOUDATR0N AND THE GREATER ALLIANCE
OF PHP PROGRAMMERS
DON'T BE DUMB
BE A SMARTY
COME AND JOIN
THE PISS PARTY

goudatr0n can be found online at irc.perl.org #perl
using the nick TimToady.



Regards...