Dailydave mailing list archives
Re: Immunity Certified Network Offense Professional
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 14 Jul 2008 21:48:07 -0400
On Mon, Jul 14, 2008 at 8:18 AM, Thomas Ptacek <tqbf () matasano com> wrote:
> The problem is, it is not MORE VALUABLE to exploit memory corruption flaws than it is to find them. Consider two scenarios: (1) A shrink-wrap software pen test, for a vendor or a customer --- the target is one application. You have 5 days. Unless you think you can sweep 500,000 lines of C code clean of vulnerabilities in 40 hours, an hour spent on exploit dev is an hour not spent finding vulnerabilities.
The thing about exploits in pen-testing is that they're not really necessary for the client or the client's code. They're more for the vendor of the shrink-wrap software that you're testing. A client smart enough to pay for a pen-test (as opposed to a vulnerability assessment) will also be able to understand they should fix their code when you show them a screenshot of gdb showing EIP = 0x41414141. But vendors are another story - you've gotta have a highly reliable PoC exploit before they do anything at all for your client in terms of a fix. (This is why billing T&M for a pen-test is convenient - you don't have to ask your client to sign another contract to code the PoC and sit through the conference calls with the vendor.)
> Plenty of people cheat at writing exploits too.
Cheating at exploit writing is like cheating at running. Except when you're in competition, nobody cares if you drove a car, so long as you arrived at the correct destination.

PaulM

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave