From: Robert Foxworth (rfoxwor1@tampabay.rr.com)
Date: Sat Dec 04 2004 - 08:52:20 EST
A new book has just appeared, called Gray Hat Hacking, and has
pretty good technical detail on some of these issues. Osborne,
over 400 pages, cost $50, 5 authors Copyright 2005.
ISBN 0-07-225709-1. I have no connection with this book other
than as a reader.
- Bob (GSEC)
> SANS Track 4 is not bad but has little time devoted to buffer
overflows and
> format string
> attacks. Not to metion other like minded phenomenom. It is very hard
to find
> pertinent
> training at this level really. Not only that but as Trey pointed out
you need
> some prior
> knowledge before attending this type of training. I would certainly
counsel
> anyone to check
> with the vendor for the knowledge base required to fully benefit from
this type
> of specialized
> training.
>
> Cheers,
>
> Don
>
> --------------------------------------------------------------
> Don Parker, GCIA GCIH
> Intrusion Detection & Incident Handling Specialist
> Bridon Security & Training Services
> http://www.bridonsecurity.com
> voice: 1-613-302-2910
> --------------------------------------------------------------
>
> On Thu, 2 Dec 2004 16:50 , 'Keifer, Trey'
<Trey.Keifer@fishnetsecurity.com> sent:
>
> >While having a solid foundation in both the tools (IDA Pro, softice,
gdb) and
> concepts of both
> >programming languages (C/C++/.NET) and systems architecture(Assembly
and i386
> instruction sets) will
> >certainly give you the ability to perform these types of assessments,
I feel it
> is unrealistic to
> >expect someone to be able to pick up that knowledge in a timeframe
relevant to
> apply it to themselves
> >or their work immediately. Either you have studied those subjects in
the past
> and you are going to put
> >them together now with security in mind or someone is going to pay
you to work
> on more basic
> >assessments and pick the rest up as you can. For individuals with an
immediate
> need to learn the
> >techniques and apply it to their job they need to have an environment
they can
> ask questions and be
> >provided guidance in directions to go when they get stuck. (which can
take long
> hours and lots of
> >creativity to overcome when self-teaching)
> >
> >SANS Institute offers a supplemental "break out" course by Lenny
Zeltser (one of
> the only GIAC GSE's
> >in the world right now) on Reverse Engineering Malware. It teaches
both reverse
> engineerig
> >fundamentals and how to use the tools (primarily IDA and Vmware) to
analyze
> compiled binaries via a
> >"black-box" method. I wish they would offer it as a full course, but
I haven't
> seen it yet. The course
> >is great though because it gives you hands-on with the tools in an
> assessment/investigative mindset
> >and because it is malware the apps themselves are typically small and
manageable
> by beginners.
>
> <snip for b/w>
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:09 EDT