[Dailydave] Immunity Certified Network Offense Professional
Pusscat
pusscat at metasploit.com
Sun Jul 13 14:07:24 EDT 2008
The problem I see with this is that people that can't write a simple
exploit also cannot do other very important tasks such as:
- Decide if a crash is exploitable at all
- Make a judgement about the reliability of any exploits written
- Debug the crash to see what input caused the crash in a reasonable time limit
- Discuss possible fixes intelligently
- Apply knowledge of the crash to other areas of the program to ensure
that the bug isn't repeated and that the fix is in fact complete
Exploitation of a simple vuln requires only simple knowledge of how
x86 systems and the Windows OS work, and some experience making
effective use of your tools in a timely fashion. In my opinion
Dave's cert is just an effective test of basic knowledge and skills in
one tiny package.
- Lurene
On Sat, Jul 12, 2008 at 9:47 PM, Thomas Ptacek <tqbf at matasano.com> wrote:
>> Then they'd fail. There's no excuse for not being able to write a simple
>> Windows stack overflow in this day and age. I don't see this part as a
>> problem. Even web attackers need to know how to do that.
>
> Web attackers do not need to know how to write stack overflows, Dave.
> If you can code, you don't even need to know how to write stack
> overflows to pen-test shrink wrap software.
>
> Two observations, which I can make because our team can obviously
> throw down the archaic exploit writing skills:
>
> - In the commercial market, the ability to find vulnerabilities
> commands a far higher price than the ability to write exploits. This
> isn't opinion; it's simply empirical. People who actually write
> exploits all day tend to work for vendors. A majority of consultants
> can't.
>
> - Most of the game-over vulnerabilities we find aren't code injection
> anymore. You're proposing a metric that could fail someone who can do
> DH parameter tampering, because they don't know the X86 Windows system
> call gate.
>
>>
>> It is hard, of course, to isolate a hands on test from the tools you
>> have to use to do that test. VisualSploit and Immunity Debugger are
>> really easy to use, but if you are only capable of using WinDBG then you
>> might fail as well. In that case, you'd need to learn how to pick up new
>> tools faster. We'll have an instruction book available at the table. :>
>>
>> - -dave
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunitysec.com
>> http://lists.immunitysec.com/mailman/listinfo/dailydave
>>
>
>
> --
> ---
> Thomas H. Ptacek // matasano security
> read us on the web: http://www.matasano.com/log