Dailydave mailing list archives
Re: Immunity Certified Network Offense Professional
From: root <root_ () fibertel com ar>
Date: Mon, 14 Jul 2008 04:23:31 -0300
In my short experience finding bugs and exploiting them, I have found that the task of writing a reliable exploit is *orders of magnitude* more complex and requires much more experience than that required to only find a bug. Anyone can fire a fuzzer, find a bug and tell their client about how exploitable it is. People then will talk about ret-to-libc and malloc tricks that really don't work anymore in modern systems. IMHO, only somebody with the technical expertise to write the actual exploit can know the real extent of the vulnerability.

Sorry for the rant, it is late here :)

Thomas Ptacek wrote:
>> I would generally agree that anyone selling themselves as a pen-tester should be able to pass this -- but not at the exclusion of also being able to identify poor use of crypto, architectural failures or web application vulnerabilities. Maybe the dispute here is in understanding what the purpose of this certification is.
>
> No, see, I'm saying something different --- I'm saying that people who sell themselves as pen-testers DO NOT need the skills this test looks for. Ability to FIND overflows is more valuable than the ability to EXPLOIT them.