Hi all (corrected for the lists..), How about applying reverse engineering techniques in order to discover potential security holes ? The most obvious example would be to try and find a buffer overflow in a windows application (these are mostly closed source.. heh). A good place to start would be a disassembly, looking for any kind of buffer assignments, or any type of function call that handles strings, etc.. If you find lots of them, in what appears to be code that handles input, that might be worth a deeper look. Of course, it's not always easy to tell what a certain piece of code does, or if it's even relevant to what you're trying to achieve (i.e: buffer overflow through some user input), but it might work out pretty well. Debuggers and disassemblers might prove really handy in situations like these (of course, other analysis tools might prove useful too, especially under windows). "LS" Eli
This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 15:12:01 PST