Hey Oliver, Hey all, OP> My goal: I want to take 4 of my Jr Security Engineers and send them OP> somewhere for a week or two, or perhaps several weeks at night, and have OP> them come back to tear apart software like it's nothing... <foundstone, OP> hint hint, E&Y, hint hint.. Anyone? Bueller? Bueller?...> Of course, OP> pre-req's would be a solid knowledge of scripting languages, C/C++, OP> network architectures and protocols, and all publically known scripts OP> and code... (but I require that of my jr's anyways so I just want OP> someone else to show them the next level! I have no time, and hell, if OP> the course is good enough, I would even go so that I can stop using OP> semi-educated dumbluck and trial and error! lol) OP> I am VERY interested to see someone post a resource... Maybe this is OP> just a pipe-dream. http://www.blackhat.com/html/bh-usa-02/train-bh-usa-02-hf.html This might cover what you're looking for - one day of source-code-analysis training, and one day of disassembly-of-closed-source training. OP> Ps: on a side note, there are several interesting projects currently in OP> dev everywhere to automate all of this.. So don't worry, soon those OP> afraid of anything they can't click on will also be able to point and OP> click their way through code to find new vulns...swell eh? There are OP> even dev projects going to automate vulnerability discovery in ALREADY OP> COMPILED software! Woohoo... It is a tricky process tho from what I heard. Halvar spoke about developing such a tool once but one never heard of it anytime after, and Dildog is apparently developing a similar tool. All of these will require skilled auditors to interact with them though :) Cheers, Thomas Dullien
This archive was generated by hypermail 2b30 : Sat Apr 06 2002 - 09:26:17 PST