User: Password:
|
|
Subscribe / Log in / New account

LUA!

From:  Dave Aitel <dave-AT-immunityinc.com>
To:  dailydave-AT-lists.immunityinc.com
Subject:  LUA!
Date:  Tue, 01 Nov 2011 11:50:27 -0400
Message-ID:  <4EB01543.4090702@immunityinc.com>
Archive-link:  Article

Everyone basically ignores LUA <http://www.lua.org/about.html> as much
as possible - not as useful for large projects as Python or Ruby, not as
fast as C. But eventually every big C project wants a scripting
language, and they look around at licensing and features and choose LUA.

Wireshark is the obvious example, but LUA is small enough that it's a
natural fit for trojans as well - especially trojans that are embedded
into the memory space of something else (Outlook or your kernel, for
example).

I notice that as of today D2 includes a LUA trojan, and that
WhitePhosphorus includes an exploit for the Wireshark LUA problem. Both
of which are fun to test!

-- 
INFILTRATE 2012 January 12th-13th in Miami - the world's best offensive information security
conference.
www.infiltratecon.com

_______________________________________________
Dailydave mailing list
Dailydave@lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave


(Log in to post comments)


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds