Fuck Tools – frank^2
Doing stuff on your own makes you learn stuff.
- They make things easier
- They make things faster
- They make it so that you don’t have to learn the deep details
- They make it so you don’t know the deep details
- They also force you to think in a very controlled environment
- Tools are sometimes too focused
At the end you end up with a bunch of tools that don’t do quite what you need unless you string them all together
Why write your own tool? You could be smarter, you could be cleverer, or the tool might not exist.
So you could write your own tool…
But that could be SLOW, maybe you don’t have the experience either… do you have the right resources to accomplish this?
So what do you do?
By developing a tool you’re learning things. Some things stay in memory after all.
This means next time you’ll be better, quicker!
Plus you get to learn how the program, flaw and tool really work. Knowledge is power.
Knowing the ins and outs of how to exploit something will always be better than knowing how to use a tool.
Because you want to learn
A toolkit clusterfuck is much less elegant than a custom-coded script to do the job
Other tools are buggy
Why wait for another sucker to write your tool?
Why shouldn’t you?
Because sometimes reinventing the wheel isn’t worth it?
How will your tool be better? Maybe it won’t!
Do It Yourself vs riding that tool
OllyDBG vs PyDBG
Stuck in the boundaries of what the coder wants, vs doing what you want!
PyDBG lets you control what you want and how you want to do it.
PyDBG simply presents you with the tools by which to perform debugging, then expects YOU to write what you want next!
You get to learn how programs really run
You open your mind!
Fuzzers vs Peach vs You
If you download a fuzzer you’re doing it wrong!
If you run another person’s fuzzer, you’re finding the same bugs he found
Peach however lets you tailor what you want to fuzz and how you want to do it.
But Peach is still a tool, doing its things, its way
There are all sorts of bugs that fuzzers won’t find… Maybe it’s best to write your own fuzzer?
Fuzzers: Great for low hanging fruit
Peach: When you’re looking for fuzzable bugs
You: When you want to be a ninja
How does point-click-own make you a better tester?
Metasploit gives you a lot of other features… use them
Great framework for creating shellcode and creating PoC
Metasploit can help you become a ninja
The Bottom Line
There’s a fine line between using a tool and writing your own
When there’s no time or resources to learn, or there’s nothing to learn, then just use a tool
When you have the time, want to learn and be a ninja, write your own tool
If you learn how a task is solved instead of learning how a tool works, you’ll be better for it!