Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Source code auditing

From: Think Defensive <bugtraq () thinkdefensive co uk>
Date: Tue, 16 Feb 2010 17:34:10 +0000
Oliver,
Here's a useful link; http://www.corelan.be:8800/index.php/category/security/exploit-writing-tutorials/

As mentioned, read up on Metasploit too. Very good tool for exploiting.

Regards,

David Lester
Security Consultant
Think Defensive
On 15 Feb 2010, at 16:53, Oliver Kindernay <oliver.kindernay () gmail com> wrote: 


Hi, I am interested in exploiting applications. I have some practice
in writing exploits (buffer overflow, format string, ...) in linux. I
want to start exploiting real applications (open source). I don't know
how to start with finding bugs in application's source. I can use
perl, grep, etc... for finding some statical buffers, strcpys, etc.
but it's good just for some explorative research. Could you post some
sources where can I learn some about source code auditing?
--- --------------------------------------------------------------------- This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
--- --------------------------------------------------------------------- 



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: