Educause Security Discussion mailing list archives
Re: Penetration Testing vs the academic world
From: Morrow Long <morrow.long () YALE EDU>
Date: Thu, 12 Jan 2012 17:20:53 -0500
leandroqm () gmail com wrote:
Thank you for your reply.
If you find yourself qualified to answer the question, please go ahead.
What I intend to do is to find out what topics are subject to further
development by the academia so I can contribute in my thesis.
If anyone can help me enlighten that path, please do.
Leandro Quibem Magnabosco. leandroqm () gmail com
Regarding enlightenment, I'm not certain if I can illuminate the middle path for you but I may be able to show you the way. To attain enlightenment the Buddha says one must obliterate the self (note also: all of life is suffering, suffering comes from desire and the only way to escape suffering is to get rid of desire). At any rate I read Zen and the Art of Software Maintenance once.

I recommend talking to faculty in the computer science departments at major universities. But, as a practitioner, here is some fertile ground for Master's thesis research papers in the area of computer and network penetration testing (AKA extreme vulnerability testing):

· Building automated tools for maximum or complete test coverage.
· Proving the effectiveness of formal network penetration testing methodologies and frameworks.
· Analysis on how attackers attempt to break into computers (using honeypots or honeynets) in order to model their behavior using penetration testing.
· Proving or dispelling the practice/control/myth of password controls (quality, aging, etc.). Our faculty users are always asking us for peer-reviewed academic research papers showing us why they should have to change their password (every year). Unfortunately the best known recent paper on this topic by Microsoft researcher Cormac Herley and Paul C. van Oorschot (Carleton University, Ottawa, Canada) unfortunately tends to prove the opposite (that the cost and effort of password quality and aging often apparently aren't worth it). I need someone to write a paper to prove that they are worth it so will you go ahead and write it? [Just kidding ..]
  http://research.microsoft.com/apps/pubs/?id=154077
  http://research.microsoft.com/pubs/154077/Persistence-authorcopy.pdf (Preprint)
· I think another great research topic is on social engineering via social networks for penetration testing.

Just for fun here is what I was able to find out what public information was on the Internet about you from some quick research / recon:

o Google+ page: https://plus.google.com/104286409358585115635/about
  § There are 249 people's photos and names listed in your Google+ circles. You may want to tighten this down.
  § There are another 244 people's photos and names in which you are listed in their Google+ circles.
o Google Buzz: https://profiles.google.com/104286409358585115635/buzz - mostly links to a number of YouTube and other videos
o Picasa web album: https://plus.google.com/photos/104286409358585115635/albums?banner=pwa - almost no photos
o YouTube Channel: http://www.youtube.com/user/leandroqm
  § You've uploaded 39 videos (they appear to be videos of your family) and listed 261 videos as your favorite.
o Facebook: http://www.facebook.com/leandroqm
  § You were born on June 27, 1982. Come from Joaçaba <http://www.facebook.com/pages/Joa%C3%A7aba/111452215538605> in Brazil. Live currently in Florianópolis, Santa Catarina <http://www.facebook.com/pages/Florian%C3%B3polis-Santa-Catarina/106339232734991>, Brazil. You went to high school at the <http://www.facebook.com/pages/Col%C3%A9gio-Cora%C3%A7%C3%A3o-de-Jesus/102128923162345> Colégio Coração de Jesus. You like bicycling.
  § In music you like: Disturbed, Mudvayne, Phanatic, David Guetta and deadmau5.
  § In movies you like anime and sci fi. There is a list of movies and books (including some info security books).
  § You know Brazilian (Portuguese), Spanish, Japanese, English.
  § You appear to be identifying yourself as an atheist (but you are fairly young yet and that could change).
o Twitter: http://twitter.com/leandroqm
  § You want to graduate with a Ph.D. and become a full-time pen tester and web apps security researcher.
  § You were asking about persistent threats as a research topic for a paper back in November.
o About.me: http://about.me/leandroqm
o Foursquare: https://foursquare.com/leandroqm
  § You ate at an Outback Steakhouse in Curitiba, PR and had an excellent house salad and thought the waitress Angel was an angel.
o LinkedIn: http://www.linkedin.com/pub/leandro-magnabosco/15/54b/90a (244 connections)
  § You are a Master's student in Computer Science at Universidade Federal de Santa Catarina (ufsc.br) which you entered in 2011 and from which you hope to graduate in 2014.
  § Previously you attended:
    · Senai - Centro de Tecnologia em Automação e Informática
    · Universidade do Sul de Santa Catarina (undergraduate?)
  § You've worked as a consultant in the past for TIForte (2010/6 - 2011/10) and FCDL/SC (2009/6 - 2010/3).

Morrow