[Dailydave] The Attack Development Lifecycle
Dave Aitel
dave at immunityinc.com
Mon Jan 28 11:05:26 EST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Often when you write a talk or paper, you find out much later what it
is about. In the case of the S4 SCADA Security conference talk I gave
last week, I realized only the day before what it was really trying to
say.
Essentially, I think hackers in general have a method that defeats
various company's Secure Development Lifecycles. ("Linux" is included
here as a "company")
Of course, like any system, a SDL can be attacked. And when it is
successfully compromised, you see the pattern we see now: widespread
ability to compromise systems. Malware everywhere. An untrustworthy
Internet. I think hackers do this at a macro level via emergent
behaviors that evolved over time.
I also think that if you approach it systematically, you can build a
process and set of technology to defeat any company's particular SDL
over the long term. Building these processes and obtaining this
technology is a large part of my job at Immunity. No doubt many of the
people on this list have a similar job.
In any case, that's what the presentation here is about. I'll name the
next one the "Attack Development Lifecycle" to be more explicit.
http://www.immunityinc.com/downloads/DaveAitel_TheHackerStrategy.pdf
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHnf1EB8JNm+PA+iURArWdAKDJG65zOx1jrEaJ0rv8M7EeJy2MBwCggGE+
1N4ohsJ3V7EaGIWCHQn6SkA=
=Ojnt
-----END PGP SIGNATURE-----
More information about the Dailydave
mailing list