Dailydave mailing list archives
The Attack Development Lifecycle
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 28 Jan 2008 11:05:26 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Often when you write a talk or paper, you find out much later what it is about. In the case of the S4 SCADA Security conference talk I gave last week, I realized only the day before what it was really trying to say. Essentially, I think hackers in general have a method that defeats various company's Secure Development Lifecycles. ("Linux" is included here as a "company") Of course, like any system, a SDL can be attacked. And when it is successfully compromised, you see the pattern we see now: widespread ability to compromise systems. Malware everywhere. An untrustworthy Internet. I think hackers do this at a macro level via emergent behaviors that evolved over time. I also think that if you approach it systematically, you can build a process and set of technology to defeat any company's particular SDL over the long term. Building these processes and obtaining this technology is a large part of my job at Immunity. No doubt many of the people on this list have a similar job. In any case, that's what the presentation here is about. I'll name the next one the "Attack Development Lifecycle" to be more explicit. http://www.immunityinc.com/downloads/DaveAitel_TheHackerStrategy.pdf - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHnf1EB8JNm+PA+iURArWdAKDJG65zOx1jrEaJ0rv8M7EeJy2MBwCggGE+ 1N4ohsJ3V7EaGIWCHQn6SkA= =Ojnt -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- The Attack Development Lifecycle Dave Aitel (Jan 28)