Dailydave mailing list archives

Re: Automatic Exploitation Paper Peer Review


From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Tue, 14 Dec 2010 12:43:29 -0800

On Tue, Dec 14, 2010 at 10:01 AM,  <jmsc12 () hush ai> wrote:
> That hotfuzz thing that was mentioned was really interesting - but
> I can't imagine someone who is still a student to come up with an
> idea like that by himself - and surely not with guidance from an
> academic professor.

Jared DeMott wrote a whole bunch of similar tools while in graduate
school, if I am not mistaken.  I don't see why you think it would be
such a difficult problem to formulate such ideas.  However, the trick
is coming up with ideas that offer superior value over previously
published solutions.  In a PhD program, your end goal is to become a
world expert on a very narrow topic.  Maybe in your Master's studies
you won't go so deep, but such projects don't seem at all out of
reach, given that there is so much public research going on in exploit
development.

But as Mr. Aitel says, getting into exploit dev now is tougher because
you don't have the context of the past decades in perspective.  There
are lots of kung-fu moves you have to make to evade the
software/hardware protections these days, even if you do discover some
potential input vectors quite easily...
-- 
Kristian Erik Hermansen
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

