Abstract
We propose an extensible exploit framework for automating penetration testing (pen-testing) without loss of safety, and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. By implementing our enhanced version of HackSim for Solaris and Windows systems, we show the safety advantages of our sanitized pen-testing tool compared with existing pen-testing tools and exploit frameworks. This work is a step toward a systematic approach to substituting for the difficult parts of the labor-intensive pen-testing process.
Original language | English |
---|---|
Pages (from-to) | 652-661 |
Number of pages | 10 |
Journal | Lecture Notes in Computer Science |
Volume | 3391 |
Publication status | Published - 2005 |
Event | International Conference on Information Networking, ICOIN 2005 - Jeju Island, Korea, Republic of |
Duration | 2005 Jan 31 → 2005 Feb 2 |
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)