The Attack Development Lifecycle

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Often when you write a talk or paper, you find out much later what it
is about. In the case of the S4 SCADA Security conference talk I gave
last week, I realized only the day before what it was really trying to
say.

Essentially, I think hackers in general have a method that defeats
various company's Secure Development Lifecycles. ("Linux" is included
here as a "company")

Of course, like any system, a SDL can be attacked. And when it is
successfully compromised, you see the pattern we see now: widespread
ability to compromise systems. Malware everywhere. An untrustworthy
Internet. I think hackers do this at a macro level via emergent
behaviors that evolved over time.

I also think that if you approach it systematically, you can build a
process and set of technology to defeat any company's particular SDL
over the long term. Building these processes and obtaining this
technology is a large part of my job at Immunity. No doubt many of the
people on this list have a similar job.

In any case, that's what the presentation here is about. I'll name the
next one the "Attack Development Lifecycle" to be more explicit.
http://www.immunityinc.com/downloads/DaveAitel_TheHackerStrategy.pdf

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHnf1EB8JNm+PA+iURArWdAKDJG65zOx1jrEaJ0rv8M7EeJy2MBwCggGE+
1N4ohsJ3V7EaGIWCHQn6SkA=
=Ojnt
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave