From: Thomas Ptacek (tqbfmatasano.com)
Date: Sun Jul 13 2008 - 14:03:00 CDT
> The problem I see with this is that people that can't write a simple
> exploit also cannot do other very important tasks such as:
> - Decide if a crash is exploitable at all
Plenty of people who can't write x86 assembly can discern whether a
flaw allowed them to corrupt memory. Plenty of people who can write
x86 assembly, like myself, are content to leave it at that: memory
corruption bad. MUSTFIX.
> - Make a judgement about the reliability of any exploits written
This is circular. Sure, if you write exploits, knowing how to do so
reliably will in fact improve the quality of the checks you write for
your company's scanner.
> - Debug the crash to see what input caused the crash in a reasonable time limit
This isn't true. Basic investigative skills, of the sort possessed by
many 2nd tier call center operators, coupled with the ability to
generate malicious outputs, and you've got this one nailed. I agree
it's important, so test for it.
> - Discuss possible fixes intelligently
What does ret-to-libc have to do with knowing how to manage sign bits,
check multiplications, or bound copies?
> - Apply knowledge of the crash to other areas of the program to ensure
> that the bug isn't repeated and that the fix is in fact complete
It really sounds like you want to test people's ability to write
fuzzers. Amen to that. I'm not sure where the shellcode comes in to
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
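The reply above names three fix-side skills (managing sign bits, checking multiplications, bounding copies) as the things a developer needs in order to discuss a fix, independent of any exploitation technique. The block below is an added example, not code from the thread or from Matasano; it shows each of those checks in C as a small helper (`length_is_sane`, `checked_mul`, `bounded_copy` are hypothetical names chosen here), with a constructed untrusted header in `main` to drive them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sign-bit check: a signed length taken from untrusted input must be
 * rejected before it is converted to size_t, where -1 becomes SIZE_MAX
 * and sails past any "len < bufsize" comparison. */
bool length_is_sane(int32_t n, size_t limit, size_t *out)
{
    if (n < 0 || (size_t)n > limit)
        return false;
    *out = (size_t)n;
    return true;
}

/* Multiplication check: count * elem_size used as an allocation size
 * must not wrap around; a wrapped product yields a tiny buffer that a
 * later loop happily overruns. */
bool checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Bounded copy: never write more than dst_size bytes and always
 * NUL-terminate. Returns the number of bytes copied, or -1 when the
 * source does not fit (refusing is safer than silent truncation). */
long bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size)          /* leave room for the terminator */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (long)src_len;
}

int main(void)
{
    /* Constructed "header" values standing in for attacker-controlled
     * input: a negative length, an overflowing count/size pair, and an
     * oversized string. */
    size_t len = 0, alloc = 0;
    char buf[16];

    printf("negative length accepted: %s\n",
           length_is_sane(-1, 4096, &len) ? "yes (BUG)" : "no");
    printf("count*size overflow caught: %s\n",
           checked_mul(SIZE_MAX / 4 + 1, 8, &alloc) ? "no (BUG)" : "yes");
    printf("oversized copy refused: %s\n",
           bounded_copy(buf, sizeof buf, "0123456789abcdefXYZ", 19) < 0
               ? "yes" : "no (BUG)");
    return 0;
}
```

Each helper returns a status rather than silently clamping, so the caller has to decide what to do when input is bad, which is exactly the kind of decision the "discuss possible fixes" interview question is probing.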