Anyone here does audit for cisco devices and research for cisco exploits? I am a researcher for cisco exploits myself and i would love to know if anyone here shares the same field as me.

http://hackathology.blogspot.com

I audit Cisco and just about anything you may connect to a network. From time to time I will find an 0day, but I don't actively search for flaws, mostly just don't have the time.

-id

get a copy of BinNavi and go to town. Cisco makes the most buggy and insecure code on the planet.

anyone who would like to work with me and can provide a license/support for both IDA and BinNavi - please post here or message me privately. i am desperately seeking to work on many Cisco vulnerability ideas I've had for the past 10+ years, but lack the tools necessary to complete the task.

however, i don't wish to work on exploits - only vulnerabilities with limited and/or crippled PoC's. however, it would be interesting to work with a shellcode / reliable exploit expert (preferably something like Mosquito, but that can go polymorphic / cross-platform) to extend Metasploit (or CANVAS, CORE Impact, etc) for Cisco/etc.

Also - anyone willing to work on an elsenot.com project for any networking-related companies, especially Cisco, Juniper, and Check Point - also please contact me.

I'm also looking for resources on ScreenOS or IPSO internals (I have tons of material on CatOS, IOS, JunOS, etc) if anyone has any pointers.

Lots to be said about this subject.

id, care to share some 0 day?

http://hackathology.blogspot.com

The only current ones I have are dos's, and I would rather not share them. However if I come across something that isn't a dos, and isn't live on a customer site, I will.

-id

thank you so much. I see if i can find myself some vulnerabilies too, but i guess its hard for me because i dun read binaries. Any new stuff, i will post it in http://hackathology.blogspot.com

http://hackathology.blogspot.com

Hey there,

if the research is sufficiently cool, we'll provide the tool.
Can you drop me an email ?

Cheers,
Halvar

Wat do u mean Halvar? U wanna write a tool based on the exploits?

http://hackathology.blogspot.com

hackathology Wrote:
-------------------------------------------------------
> Wat do u mean Halvar? U wanna write a tool based
> on the exploits?

I think he means that he can provide BinNavi, etc to people who have very interesting research.

I'd consider but I have too many projects right now and would have to re-assemble my Cisco exploit resources. Also, this is more trivial now that the Shellcoder's Handbook, 2nd Edition became available. In Chapter 13, FX has a section on reverse engineering IOS where he demonstrates how to take the IOS images apart.

My stopping point the last time that I played with IOS images under IDA Pro Advanced was to try and get named functions from the symbol table (but this didn't work even for images that included a full symbol table) in order to do Michael Lynn style analysis. It turns out that because Cisco builds their code using the GNU toolchain, the next function starts exactly where the last one ended. This has the problem where IDA fails to identify functions. On page 350, an IDAPython script is provided to convert all non-function blocks into functions that IDA can read. I left off here in June 2006, and would have to backtrack quite a bit to get to that point again. I had spent months with my head in PowerPC assembly and Cisco IOS images and bugs - and haven't spent any cycles in any of that, since its not as useful to me anymore (especially with the whole Apple Intel transition that was also going on at the time).

If I ever have any time to spend on this sort of large project again, maybe I'll contact Halvar or post more about my interest/success.