Vulnerability Development mailing list archives

Re[2]: Techniques for Vulnerability discovery


From: dullien () gmx de
Date: Sat, 6 Apr 2002 04:12:15 -0800

Hey Oliver, Hey all,

OP> My goal:  I want to take 4 of my Jr Security Engineers and send them
OP> somewhere for a week or two, or perhaps several weeks at night, and have
OP> them come back to tear apart software like it's nothing... <foundstone,
OP> hint hint, E&Y, hint hint.. Anyone? Bueller? Bueller?...>  Of course,
OP> pre-req's would be a solid knowledge of scripting languages, C/C++,
OP> network architectures and protocols, and all publicly known scripts
OP> and code... (but I require that of my jr's anyways so I just want
OP> someone else to show them the next level!  I have no time, and hell, if
OP> the course is good enough, I would even go so that I can stop using
OP> semi-educated dumbluck and trial and error! lol)
OP> I am VERY interested to see someone post a resource... Maybe this is
OP> just a pipe-dream.

http://www.blackhat.com/html/bh-usa-02/train-bh-usa-02-hf.html

This might cover what you're looking for - one day of
source-code-analysis training, and one day of
disassembly-of-closed-source training.

OP> Ps: on a side note, there are several interesting projects currently in
OP> dev everywhere to automate all of this..  So don't worry, soon those
OP> afraid of anything they can't click on will also be able to point and
OP> click their way through code to find new vulns...swell eh?  There are
OP> even dev projects going to automate vulnerability discovery in ALREADY
OP> COMPILED software! Woohoo...

It is a tricky process tho from what I heard. Halvar spoke about
developing such a tool once but one never heard of it anytime after,
and Dildog is apparently developing a similar tool. All of these will
require skilled auditors to interact with them though :)

Cheers,
Thomas Dullien

