Dailydave mailing list archives

Punching above your weight class


From: Dave Aitel <dave () immunityinc com>
Date: Thu, 03 May 2007 11:05:33 -0400

The best hacker teams in the world right now may belong to organized
crime groups. In my spare time in between packing lunch boxes and
cleaning the floor under the high chair, I've been thinking about ways
in which these organizations differ from most commercial companies who
do penetration testing. A company has a rather large budget, dedicated
infrastructure, and an experienced and skilled staff. So why do so
many of them fight like flabby novices? The fact is, giving someone a
LOT of money, and a big mission to solve, often gives them a good
excuse to get fat and useless. I don't know how to solve your problem
if you're a hundred million dollar attack team yet. But if you're at
ten million or less, these are the rules I've come up with.


Six Rules for Punching Above Your Weight Class:
o Never use an exploit in the wild you don't completely understand. If
you can't debug it on the fly, you can't use it.
o Don't split up research from attack. Your research team needs to be
focused on the mission.
o Develop a fast-reaction team that can hit easy or very time-critical
vulnerabilities within 8 hours or less.
o Be target-focused.
o Develop technical partnerships with other people who can write
exploits. There just aren't that many of them.
o One team, one mission. People naturally want to work on only Windows
or only Unix, but that's not the way to success. Find people who can
work on the whole picture.

-dave
