Dailydave mailing list archives
Re: Immunity Certified Network Offense Professional
From: "Paul Melson" <pmelson () gmail com>
Date: Sun, 13 Jul 2008 18:57:22 -0400
On Sun, Jul 13, 2008 at 2:07 PM, Pusscat <pusscat () metasploit com> wrote:
- Decide if a crash is exploitable at all - Make a judgement about the reliability of any exploits written - Debug the crash to see what input caused the crash in a reasonable time limit - Discuss possible fixes intellegently - Apply knowledge of the crash to other areas of the program to ensure that the bug isn't repeated and that the fix is in fact complete
All of the above can be done without any shellcode, just your favorite compiler/interpreter and a debugger. And with commonly available tools like Metasploit's shellcode generator, it's trivial to weaponize your overflow, especially on Win2K. All of this adds up to a successful penetration test, providing value to the client. But it wouldn't get you a NOP cert. Who cares? If you're doing this in the field already, who's asking you for a cert? Are there pen-testing firms that are A) any good at it and B) clamoring for their staff to have certifications? Just folks dealing with the 8570.1M mandate, right?
Exploitation of a simple vuln requires only simple knowledge of how x86 systems and the windows OS works, and some experience makimaking effective use of your tools work in a timely fashion. In my oppinion Dave's cert is just an effective test of basic knowledge and skills in one tiny package.
No, Immunity's cert is a test of how good you are at it using Immunity's products. Which is fine, every vendor with a cert does exactly this. Let's not make it something it's not. PaulM _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Immunity Certified Network Offense Professional, (continued)
- Re: Immunity Certified Network Offense Professional Alexander Sotirov (Jul 11)
- Re: Immunity Certified Network Offense Professional Rodney Thayer (Jul 12)
- Re: Immunity Certified Network Offense Professional root (Jul 12)
- Re: Immunity Certified Network Offense Professional Dave Aitel (Jul 12)
- Re: Immunity Certified Network Offense Professional Thomas Ptacek (Jul 13)
- Re: Immunity Certified Network Offense Professional Pusscat (Jul 13)
- Re: Immunity Certified Network Offense Professional Thomas Ptacek (Jul 13)
- Re: Immunity Certified Network Offense Professional matthew wollenweber (Jul 13)
- Re: Immunity Certified Network Offense Professional Thomas Ptacek (Jul 13)
- Re: Immunity Certified Network Offense Professional val smith (Jul 14)
- Re: Immunity Certified Network Offense Professional Paul Melson (Jul 13)
- Re: Immunity Certified Network Offense Professional drraid (Jul 13)
- Re: Immunity Certified Network Offense Professional Thomas Ptacek (Jul 13)
- Re: Immunity Certified Network Offense Professional root (Jul 14)
- Re: Immunity Certified Network Offense Professional Thomas Ptacek (Jul 14)
- Re: Immunity Certified Network Offense Professional Paul Melson (Jul 14)
- Re: Immunity Certified Network Offense Professional val smith (Jul 15)
- Re: Immunity Certified Network Offense Professional Dino A. Dai Zovi (Jul 16)
- Re: Immunity Certified Network Offense Professional val smith (Jul 16)
- Re: Immunity Certified Network Offense Professional Pete Herzog (Jul 16)
- Re: Immunity Certified Network Offense Professional Adam Shostack (Jul 16)