Dailydave mailing list archives
Re: Immunity Certified Network Offense Professional
From: drraid <drraid () gmail com>
Date: Sun, 13 Jul 2008 13:43:34 -0700
On Sat, Jul 12, 2008 at 6:47 PM, Thomas Ptacek <tqbf () matasano com> wrote:
> > Then they'd fail. There's no excuse for not being able to write a simple Windows stack overflow in this day and age. I don't see this part as a problem. Even web attackers need to know how to do that.
>
> Web attackers do not need to know how to write stack overflows, Dave. If you can code, you don't even need to know how to write stack overflows to pen-test shrink wrap software.
>
> Two observations, which I can make because our team can obviously throw down the archaic exploit writing skills:
>
> - In the commercial market, the ability to find vulnerabilities commands a far higher price than the ability to write exploits. This isn't opinion; it's simply empirical. People who actually write exploits all day tend to work for vendors. A majority of consultants can't.
>
> - Most of the game-over vulnerabilities we find aren't code injection anymore. You're proposing a metric that could fail someone who can do DH parameter tampering, because they don't know the X86 Windows system call gate.

Many consultants can't actually exploit buffer overflows, but almost all of them can describe the process to do it. It seems that these people are more fit to consult on how these vulnerabilities work instead of if something is actually vulnerable. This could be one of the big problems with the industry.

"Web attackers" is too vague here -- if you're talking about owning something named /cgi-bin/custom_request.exe, then yes, being that this is an archaic web application, you probably do need archaic memory corruption exploitation skills. Obviously the SQL injection, RFI/LFI, XSS/CSRF doesn't require this.

I would generally agree that anyone selling themselves as a pen-tester should be able to pass this -- but not at the exclusion of also being able to identify poor use of crypto, architectural failures or web application vulnerabilities.

Maybe the dispute here is in understanding what the purpose of this certification is.