From: Blue Boar (BlueBoarthievco.com)
Date: Fri Jul 11 2008 - 13:29:34 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dave Aitel wrote:
> Specifically, to obtain the certification you will need to write a
> buffer overflow from scratch within a certain time period. You will
> first find the buffer overflow by reverse engineering a target program,
> and then obtain a shell from it or execute a command. This is a hands-on
> certification, not a paper test.

Sounds like potentially a meaningful, if narrow, test.

> Immunity Debugger, Immunity CANVAS, and
> VisualSploit will be available to you during the certification process
> to enable you to write the exploit quickly.

ONLY those? If so, that would make yours a cert that is potentially
somewhat interesting, but still is designed to promote a particular
vendor's tools.

I'm pretty lost doing RE work without IDA Pro. Probably wouldn't make
much difference in my case regardless. I can write you a simple stack
overflow exploit given enough time, but probably not with a time limit.
Especially not with an unfamiliar environment. And Halle Berry giving me
a handjob. But I'm probably not the target audience?

> Successfully completing the challenge will allow you to use the NOP
> signifier after your name and will potentially allow you to obtain
> discounts of Immunity products.

I like the name, though.

                                        BB
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]