Re: Penetration Testing vs the academic world

[Leandro Quibem Magnabosco <leandroqm () GMAIL COM>]

Hello!

2012/1/12 Morrow Long <morrow.long () yale edu>

> I recommending talk to faculty in the computer science departments at
> major universities.
Sure thing. I'll do that.


> But, as a practitioner, here is some fertile ground for Master’s Thesis
> research papers in the area of computer and network penetration testing
> (AKA ‘extreme’ vulnerability testing):****
>
> **·         **Building automated tools for maximum or complete test
> coverage.****
>
> **·         **Proving the effectiveness of formal network penetration
> testing methodologies and frameworks.****
>
> **·         **Analysis on how attackers attempt to break into computers
> (using honeypots or honeynets) in order to model their behavior using
> penetration testing.****
>
> **·         **Proving or dispelling the practice/control/myth of password
> controls (quality, aging, etc.).  Our faculty users are always asking us
> for peer-reviewed academic research papers showing us why they should have
> to change their password (every year).  Unfortunately the best known recent
> paper on this topic by Microsoft researcher Cormac Herley and Paul C. van
> Oorschot (Carleton University, Ottawa, Canada) unfortunately tends to prove
> the opposite (that the cost and effort of password quality and aging often
> apparently aren’t worth it).  I need someone to write a paper to prove that
> they are worth it – so will you go ahead and write it?   [Just kidding…..]
> http://research.microsoft.com/apps/pubs/?id=154077
> http://research.microsoft.com/pubs/154077/Persistence-authorcopy.pdf
> (Preprint)****
>
> **·         **I think another great research topic is on social
> engineering via social networks for penetration testing.  Just for fun here
> is what I was able to find out what public information was on the Internet
> about you from some quick research / recon :****
>
> **o   **Google+ page : https://plus.google.com/104286409358585115635/about
> ****
>
> **§  **There are 249 people’s photos and names listed in your Google+
> ‘circles’.  You may want to tighten this down.****
>
> **§  **There are another 244 people’s photos and names in which you are
> listed in their Google+ ‘circles’.****
>
> **o   **Google Buzz:
> https://profiles.google.com/104286409358585115635/buzz  - mostly links to
> a number of YouTube and other videos****
>
> **o   **Picasa web album:
> https://plus.google.com/photos/104286409358585115635/albums?banner=pwa
> - almost no photos****
>
> **o   **YouTube Channel:           http://www.youtube.com/user/leandroqm**
> **
>
> **§  **You’ve uploaded 39 videos (they appear to be videos of your
> family) and listed 261 videos as your favorite.****
>
> **o   **Facebook:           http://www.facebook.com/leandroqm****
>
> **§  **You were born on June 27, 1982. Come from 
> Joaçaba<http://www.facebook.com/pages/Joa%C3%A7aba/111452215538605>in Brazil.  Live currently in Florianópolis,
> Santa Catarina<http://www.facebook.com/pages/Florian%C3%B3polis-Santa-Catarina/106339232734991>,
> Brazil. You went to high school at the Colégio Coração de 
> Jesus<http://www.facebook.com/pages/Col%C3%A9gio-Cora%C3%A7%C3%A3o-de-Jesus/102128923162345>.
> You like bicycling.****
>
> **§  **In music you like : Disturbed, Mudvayne, Phanatic, David Guetta
> and deadmau5.****
>
> **§  **In movies you like anime and sci fi.  There is a list of movies
> and books (including some info security books).****
>
> **§  **You know Brazilian (Portuguese), Spanish, Japanese, English.****
>
> **§  **You appear to be identifying yourself as an atheist (but you are
> fairly young yet and that could change).****
>
> **o   **Twitter:                http://twitter.com/leandroqm****
>
> **§  **You want to graduate with a Ph.D. and become a full-time pen
> tester and web apps security researcher.****
>
> **§  **You were asking about persistent threats as a research topic for a
> paper back in November.****
>
> **o   **About.me:          http://about.me/leandroqm****
>
> **o   **Foursquare:       https://foursquare.com/leandroqm****
>
> **§  **You ate at an Outback Steakhouse in Curitiba, PR and had an
> excellent house salad and thought the waitress Angel was an angel.****
>
> **o   **LinkedIn:
> http://www.linkedin.com/pub/leandro-magnabosco/15/54b/90a  (244
> connections)****
>
> **§  **You are a Master’s student in Computer Science at Universidade
> Federal de Santa Catarina (ufsc.br) which you entered in 2011 and from
> which you hope to graduate in 2014****
>
> **§  **Previously you attended :****
>
> **·         **Senai - Centro de Tecnologia em Automação e Informática****
>
> **·         **Universidade do Sul de Santa Catarina  (undergraduate?)****
>
> **§  **You’ve worked as a consultant in the past for TIForte (2010/6 –
> 2011/10) and FCDL/SC (2009/6 – 2010/3).****
>
> **§  **…****
>
> Morrow****
>
> ** **
The first ones are more the style I'm looking for, so thank you.
I liked all your suggestions, thought some of them fits better in the
industry world.

Still taking more suggestions, if anyone have it! :)

Thanks!