Wednesday, May 19, 2010

4 reasons to write your own security tools

So I was on a client's site a few days ago, before the beginning of the IDLELO conference. As the IT Manager watched me launch a few routine attacks from what looked like a rather strange application developed by d3vnull, he asked, "I have never seen this application called tuxbeast. Where can I download it from?" I smiled and said, "The sources are not available yet because I'm still working on perfecting some functions and making them easier to use."

As a Security Analyst, I find some initial tasks routine, depending on the environment. I will list 4 reasons why it's essential that Security Analysts, Pentesters and Experts write their own tools at some point, or modify existing ones if they have the time.

1. It shows you understand what you are doing: To construct a local attack, you need to understand what you are doing and what you are attacking. The motivation behind writing your own tools lies in the fact that your tool can only work as expected if you understand the mechanics and tiny details needed in an attack. If your tool succeeds at an attack against a known vulnerability, then you can be assured you are on the right path as a security professional.

2. It simplifies your assessment task: When you write tools on your own, it's very easy to automate them in loops or any other mechanism you put in place. Generating reports is even easier, as your tool produces reports to either stdout or a file.

3. You improve your skills: Over time, your understanding of various attack vectors in various environments makes you very proficient in the security field and broadens your knowledge.

4. Your proficiency in programming advances: Writing tools can be a very complex and challenging task, especially when the attack is a complex one. This usually requires learning new programming constructs or embedding other constructs in your code base.
For example, once you are more proficient with C, there are lots of shellcodes that you can inject into exploit code before launching it at a client's node. Over the years, your understanding of creating various shellcodes will have improved to an advanced level.

So go ahead, start learning how to write your own tools. The language doesn't always matter, so long as it's Open Source.

BR(d3vnull);