Dailydave mailing list archives

Re: Immunity Certified Network Offense Professional


From: Pusscat <pusscat () metasploit com>
Date: Sun, 13 Jul 2008 14:07:24 -0400

The problem I see with this is that people that can't write a simple
exploit also cannot do other very important tasks such as:

- Decide if a crash is exploitable at all
- Make a judgement about the reliability of any exploits written
- Debug the crash to see what input caused the crash in a reasonable time limit
- Discuss possible fixes intelligently
- Apply knowledge of the crash to other areas of the program to ensure
that the bug isn't repeated and that the fix is in fact complete

Exploitation of a simple vuln requires only simple knowledge of how
x86 systems and the Windows OS work, and some experience making
effective use of your tools in a timely fashion.  In my opinion
Dave's cert is just an effective test of basic knowledge and skills in
one tiny package.

- Lurene

On Sat, Jul 12, 2008 at 9:47 PM, Thomas Ptacek <tqbf () matasano com> wrote:
Then they'd fail. There's no excuse for not being able to write a simple
 Windows stack overflow in this day and age. I don't see this part as a
 problem. Even web attackers need to know how to do that.

Web attackers do not need to know how to write stack overflows, Dave.
If you can code, you don't even need to know how to write stack
overflows to pen-test shrink wrap software.

Two observations, which I can make because our team can obviously
throw down the archaic exploit writing skills:

- In the commercial market, the ability to find vulnerabilities
commands a far higher price than the ability to write exploits. This
isn't opinion; it's simply empirical. People who actually write
exploits all day tend to work for vendors. A majority of consultants
can't.

- Most of the game-over vulnerabilities we find aren't code injection
anymore. You're proposing a metric that could fail someone who can do
DH parameter tampering, because they don't know the X86 Windows system
call gate.


 It is hard, of course, to isolate a hands on test from the tools you
 have to use to do that test. VisualSploit and Immunity Debugger are
 really easy to use, but if you are only capable of using WinDBG then you
 might fail as well. In that case, you'd need to learn how to pick up new
 tools faster. We'll have an instruction book available at the table. :>

 - -dave




 _______________________________________________
 Dailydave mailing list
 Dailydave () lists immunitysec com
 http://lists.immunitysec.com/mailman/listinfo/dailydave



--
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log