Vulnerability Development mailing list archives
Re[2]: Techniques for Vulnerability discovery
From: dullien () gmx de
Date: Sat, 6 Apr 2002 04:12:15 -0800
Hey Oliver, Hey all, OP> My goal: I want to take 4 of my Jr Security Engineers and send them OP> somewhere for a week or two, or perhaps several weeks at night, and have OP> them come back to tear apart software like it's nothing... <foundstone, OP> hint hint, E&Y, hint hint.. Anyone? Bueller? Bueller?...> Of course, OP> pre-req's would be a solid knowledge of scripting languages, C/C++, OP> network architectures and protocols, and all publically known scripts OP> and code... (but I require that of my jr's anyways so I just want OP> someone else to show them the next level! I have no time, and hell, if OP> the course is good enough, I would even go so that I can stop using OP> semi-educated dumbluck and trial and error! lol) OP> I am VERY interested to see someone post a resource... Maybe this is OP> just a pipe-dream. http://www.blackhat.com/html/bh-usa-02/train-bh-usa-02-hf.html This might cover what you're looking for - one day of source-code-analysis training, and one day of disassembly-of-closed-source training. OP> Ps: on a side note, there are several interesting projects currently in OP> dev everywhere to automate all of this.. So don't worry, soon those OP> afraid of anything they can't click on will also be able to point and OP> click their way through code to find new vulns...swell eh? There are OP> even dev projects going to automate vulnerability discovery in ALREADY OP> COMPILED software! Woohoo... It is a tricky process tho from what I heard. Halvar spoke about developing such a tool once but one never heard of it anytime after, and Dildog is apparently developing a similar tool. All of these will require skilled auditors to interact with them though :) Cheers, Thomas Dullien
Current thread:
- Techniques for Vulneability discovery kaipower (Apr 04)
- RE: Techniques for Vulnerability discovery Oliver Petruzel (Apr 05)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- Re[2]: Techniques for Vulnerability discovery dullien (Apr 06)
- RE: Techniques for Vulnerability discovery Leon (Apr 08)
- Re: Techniques for Vulneability discovery Florian Hobelsberger / BlueScreen (Apr 05)
- Re: Techniques for Vulneability discovery Josha Bronson (Apr 05)
- Re: Techniques for Vulneability discovery LS (Apr 05)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- Re: RE: Techniques for Vulneability discovery LS (Apr 08)
- RE: Techniques for Vulneability discovery Pedro Hugo (Apr 05)
- RE: Techniques for Vulneability discovery Marc Maiffret (Apr 05)
- Re: Techniques for Vulneability discovery NoCoNFLiC (Apr 05)
- Re: Techniques for Vulneability discovery 3APA3A (Apr 06)
(Thread continues...)
- RE: Techniques for Vulnerability discovery Oliver Petruzel (Apr 05)