Re: [Dailydave] Immunity Certified Network Offense Professional

From: Paul Melson (pmelsongmail.com)
Date: Sun Jul 13 2008 - 17:57:22 CDT


On Sun, Jul 13, 2008 at 2:07 PM, Pusscat <pusscatmetasploit.com> wrote:
> - Decide if a crash is exploitable at all
> - Make a judgement about the reliability of any exploits written
> - Debug the crash to see what input caused the crash in a reasonable time limit
> - Discuss possible fixes intelligently
> - Apply knowledge of the crash to other areas of the program to ensure
> that the bug isn't repeated and that the fix is in fact complete

All of the above can be done without any shellcode, just your favorite
compiler/interpreter and a debugger. And with commonly available
tools like Metasploit's shellcode generator, it's trivial to weaponize
your overflow, especially on Win2K. All of this adds up to a
successful penetration test, providing value to the client. But it
wouldn't get you a NOP cert. Who cares? If you're doing this in the
field already, who's asking you for a cert? Are there pen-testing
firms that are A) any good at it and B) clamoring for their staff to
have certifications? Just folks dealing with the 8570.1M mandate,
right?

> Exploitation of a simple vuln requires only simple knowledge of how
> x86 systems and the Windows OS work, and some experience making
> effective use of your tools in a timely fashion. In my opinion
> Dave's cert is just an effective test of basic knowledge and skills in
> one tiny package.

No, Immunity's cert is a test of how good you are at it using
Immunity's products. Which is fine, every vendor with a cert does
exactly this. Let's not make it something it's not.

PaulM
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave