We propose an extensible exploit framework for automation of penetration testing (or pen-testing) without loss of safety and describe possible methods for sanitizing unreliable code in each part of the framework. The proposed framework plays a key role in implementing HackSim, a pen-testing tool that remotely exploits known buffer-overflow vulnerabilities. Implementing our enhanced version of HackSim for Solaris and Windows systems, we show the advantages of our sanitized pen-testing tool in terms of safety compared with existing pen-testing tools and exploit frameworks. This work is a step toward a systematic approach for substituting difficult parts of the labor-intensive pen-testing process. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Kwon, O. H., Lee, S. M., Lee, H., Kim, J., Kim, S. C., Nam, G. W., & Park, J. G. (2005). HackSim: An automation of penetration testing for remote buffer overflow vulnerabilities. In Lecture Notes in Computer Science (Vol. 3391, pp. 652–661). Springer Verlag. https://doi.org/10.1007/978-3-540-30582-8_68