Re: Techniques for Vulneability discovery

[LS <hydrax () netvision net il>]

Hi all (corrected for the lists..),

How about applying reverse engineering techniques in order to discover
potential security holes ?
The most obvious example would be to try and find a buffer overflow in
a windows application (these are mostly closed source.. heh).
A good place to start would be a disassembly, looking for any kind of
buffer assignments, or any type of function call that handles strings, etc..
If you find lots of them, in what appears to be code that handles input,
that might be worth a deeper look.
Of course, it's not always easy to tell what a certain piece of code does,
or if it's even relevant to what you're trying to achieve (i.e: buffer overflow
through some user input), but it might work out pretty well.
Debuggers and disassemblers might prove really handy in situations
like these (of course, other analysis tools might prove useful too,
especially under windows).

"LS" Eli