Dailydave mailing list archives
Punching above your weight class
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 03 May 2007 11:05:33 -0400
The best hacker teams in the world right now may belong to organized crime groups. In my spare time in between packing lunch boxes and cleaning the floor under the high chair, I've been thinking about ways in which these organizations differ from most commercial companies who do penetration testing.

A company has a rather large budget, dedicated infrastructure, and an experienced and skilled staff. So why do so many of them fight like flabby novices? The fact is, giving someone a LOT of money, and a big mission to solve, often gives them a good excuse to get fat and useless.

I don't know how to solve your problem if you're a hundred million dollar attack team yet. But if you're at ten million or less, these are the rules I've come up with.

Six Rules for Punching Above Your Weight Class:

o Never use an exploit in the wild you don't completely understand. If you can't debug it on the fly, you can't use it.
o Don't split up research from attack. Your research team needs to be focused on the mission.
o Develop a fast-reaction team that can hit easy or very time critical vulnerabilities within 8 hours or less.
o Be target focused.
o Develop technical partnerships with other people who can write exploits. There just aren't that many of them.
o One team, one mission. People naturally want to work on only Windows or only Unix, but that's not the way to success. Find people who can work on the whole picture.

-dave
Current thread:
- Punching above your weight class Dave Aitel (May 03)
- Re: Punching above your weight class Adriel T. Desautels (May 07)
- Re: Punching above your weight class Security Admin (NetSec) (May 08)
- Message not available
- Fwd: Punching above your weight class Xu He (May 08)
- Re: Punching above your weight class Adriel T. Desautels (May 07)