[Dailydave] Immunity Certified Network Offense Professional
Paul Melson
pmelson at gmail.com
Sun Jul 13 18:57:22 EDT 2008
On Sun, Jul 13, 2008 at 2:07 PM, Pusscat <pusscat at metasploit.com> wrote:
> - Decide if a crash is exploitable at all
> - Make a judgement about the reliability of any exploits written
> - Debug the crash to see what input caused the crash in a reasonable time limit
> - Discuss possible fixes intelligently
> - Apply knowledge of the crash to other areas of the program to ensure
> that the bug isn't repeated and that the fix is in fact complete
All of the above can be done without any shellcode, just your favorite
compiler/interpreter and a debugger. And with commonly available
tools like Metasploit's shellcode generator, it's trivial to weaponize
your overflow, especially on Win2K. All of this adds up to a
successful penetration test, providing value to the client. But it
wouldn't get you a NOP cert. Who cares? If you're doing this in the
field already, who's asking you for a cert? Are there pen-testing
firms that are A) any good at it and B) clamoring for their staff to
have certifications? Just folks dealing with the 8570.1M mandate,
right?
> Exploitation of a simple vuln requires only simple knowledge of how
> x86 systems and the Windows OS works, and some experience making
> effective use of your tools work in a timely fashion. In my opinion
> Dave's cert is just an effective test of basic knowledge and skills in
> one tiny package.
No, Immunity's cert is a test of how good you are at it using
Immunity's products. Which is fine, every vendor with a cert does
exactly this. Let's not make it something it's not.
PaulM