Re: Good advice: Learn Assembly

From: Micheal Cottingham (techie.michealgmail.com)
Date: Sat Aug 16 2008 - 17:53:31 CDT


Definitely. As software makers up the ante, I think it is more
important than ever to learn assembly. And if you do fuzz something,
you'll still have to go through and work out what/why/how to
understand the behavior and to write exploits/PoC. Metasploit and
other packages may make things "easy," but someone still had to go
through and understand the vulnerability to write the exploit for it.
That's my half a cent anyway.

Micheal

On Sat, Aug 16, 2008 at 2:18 PM, Jim Kelly <macubergeekcomcast.net> wrote:
> I have a personal goal of learning how to find vulnerabilities with fuzzers
> and code POCs (preferably in Python).
>
> Now I've gotten the traditional advice of "learn assembly" from a couple of
> folks. I wonder if that is necessary these days.
> I always thought one needed to learn assembly to code shell code. With the
> capabilities of Metasploit, I wonder if this is still true? Do you need to
> know assembly coding to decipher the output of disassemblers like IDA Pro or
> debuggers like Olly?
>
> Setting aside the logistical problems of finding a local college that still
> teaches assembly....am I overlooking something here?
>
> All comments welcome.
>
> Jim
>