From: dullien@gmx.de
Date: Sat Apr 06 2002 - 07:12:15 EST
Hey Oliver, Hey all,

OP> My goal: I want to take 4 of my Jr Security Engineers and send them
OP> somewhere for a week or two, or perhaps several weeks at night, and have
OP> them come back to tear apart software like it's nothing... <foundstone,
OP> hint hint, E&Y, hint hint.. Anyone? Bueller? Bueller?...> Of course,
OP> pre-req's would be a solid knowledge of scripting languages, C/C++,
OP> network architectures and protocols, and all publicly known scripts
OP> and code... (but I require that of my jr's anyways so I just want
OP> someone else to show them the next level! I have no time, and hell, if
OP> the course is good enough, I would even go so that I can stop using
OP> semi-educated dumbluck and trial and error! lol)
OP> I am VERY interested to see someone post a resource... Maybe this is
OP> just a pipe-dream.

http://www.blackhat.com/html/bh-usa-02/train-bh-usa-02-hf.html
This might cover what you're looking for - one day of
source-code-analysis training, and one day of
disassembly-of-closed-source training.

OP> Ps: on a side note, there are several interesting projects currently in
OP> dev everywhere to automate all of this.. So don't worry, soon those
OP> afraid of anything they can't click on will also be able to point and
OP> click their way through code to find new vulns...swell eh? There are
OP> even dev projects going to automate vulnerability discovery in ALREADY
OP> COMPILED software! Woohoo...

It is a tricky process tho from what I heard. Halvar spoke about
developing such a tool once but one never heard of it anytime after,
and Dildog is apparently developing a similar tool. All of these will
require skilled auditors to interact with them though :)

Cheers,
Thomas Dullien