I've done the infosec reverse engineering course.  I did the online version and paid my own money for it.

If you see it as an entry level course, then I think it is fine, although the lab manual does leave a little bit to be desired.

I've spoken with the institute and they assure me they're revamping the course significantly as well as improving the exam to include a practical component, bringing it in-line with their other exams (such as the cept)

as it stands though, I'd have to second that buying the Reversing book is a far more economical method of learning reversing.  

I have noticed on their site that there is an advanced reversing course available, specifically looking at malware.  I don't know how that one fares compared to the current one.

edit:  I got the course for half-price as an introductory offer last year, and although it certainly isn't polished, they have been very receptive to feedback I've given. 

they're not usually the same thing - what are you trying to achieve?

a disassembler is often combined with a debugger (as in the case of OllyDbg or IDAPro), but sometimes you can get no frills dissassemblers like objdump or windbg, which will just output the straight dissassembly with no extra functionality.

on the other side, if you're writing assembly, you can use most C compilers and place in-line assembly wherever you want to.  but if you really want to write purely and only in assembly language, there are quite a few available.  I use NASM, which assembles and disassembles (using the ndisasm command).

does that help at all?

just came back from this conference- was quite good - listened to the kaspersky lab's "the botnet business" seminar but it was nothing new, mostly just the details of conficker for people who didn't already know - making the point that malware is getting far more sophisticated. 
went arround to the other vendors that were doing talks and realised that most of the talks were going to be not so informative.  and as I am more interested in the technical side of things I didn't go to any of the business orientated seminars.

one thing that really made my day was at one of the stalls Brian Oakley (former president of the british computer society and now bletchley park tour guide) was there with an actual enigma machine which he demonstrated to me and opened up to show the wheels etc.  (one of the lightbulbs didn't work etc).  He looks to be in his late 70's early 80's. I asked if he had worked at bletchley park during the war and he looked non-commital and said "no, but I was associated with it".  so I left it at that.

 I asked about bletchley park now and are all the old machines still working etc and he smiled and said something along the lines of "they're mostly all working - we were lucky - one nice lady came along one day and said that she worked on these machines during the war and still had her maintenance kit with her.  so she was able to fix a lot of the non-working machines.  I asked her about the time during the war, but after that it got a little bit complicated because she said that during the war she was a man"

anyway - really made my day - I donated £10 to the maintenance of bletchley park anyway. 

also came away with a free malware assessment CD from Kaspersky lab, so we'll give that a whirl shortly.

anyway...

edit:

also picked up a cheap copy of Hacking the Human by Ian Mann. got him to sign it for me also  :-)   I've been looking for a good social engineering book for a while - kevin mitnik's one just didn't do it for me and I said so, and Ian said that he actually wrote it in response to kevin's book.   so I'll write up a review when I'm done with it, but it looks good so far.

That actually looks really good - I found python very easy to pick up, but then hit the wall of having to search for an hour or more for every 2 minutes of code I wanted to write. was thinking of buying a python manual anyway so this looks like it could be the one to get. 

I'll be very interested in knowing your thoughts on it.

hmm - this is all getting mighty expensive for a non-proffessional like me.

I guess I could make it tax deductible but still....  I've never had a need for an MSDN subscription because I almost entirely work with oracle/unix..

can't even afford justify the cost of a full copy of IDA Pro....  guess it's time to get me a job in the industry  :-)

Hi All,

I was wondering about what people do to research vulnerabilities on operating systems that they don't own.  case in point - I'm about to start a security course that requires me to have windows server 2000.  I'm able to download a trial version of server 2003, but I'm not able to find a copy of server 2000.

thoughts?

back in the day we had to patch the .exe to make it not run from the HD, not the CD.  but I guess that's not so much a problem now days with virtual CD's etc.  not that I engage in this kind of nefarious stuff at all.

I don't understand why they would do this - a keygen is just a reproduction of the algorithm used to produce a registration key.

unless they used the program itself to self-keygen and that somehow flagged it....

Danny Quist also has something to say about it.  interesting how anti-virus software is reporting obfuscation as potential malware

http://www.offensivecomputing.net/?q=node/1165

that would be this one  that you're after

it's free if you register before the 24th.  I don't know why they don't want students...... but just say you're a programmer or something for your own company.  I had to put my company details in the registration form for some reason, even though I'm just going on behalf of myself.

if you've got a free day or so, no reason why you shouldn't go allong anyway - if you don't learn anything then there's no harm done, but because it's free, it's worth going allong anyway!

looks like quite a huge list of vendors on the floorplan - I'm going to just chat to a few in anycase.

The Infosecurity Europe conference is coming up next month and I can only afford to take one day off to see it, but I don't know which.  The following speeches are on:

http://www.infosec.co.uk/page.cfm/Action=Seminars/CategoryID=1

I'm thinking day one because it's so packed full of stuff, but I'm also keen on the "security Chameleons" speech on day two, and hearing phil Zimmermann speak on day two also.

Thoughts anyone?  Anyone else going along?

just came accross this site also:
http://samspade.org/whois/74.125.67.100

may provide some additional info, perhaps not.

care to link to that talk?  it sounds interesting?

I'd say the more important thing is to understand "how databases work" i.e. database theory, learn about different types of statements, what a union does, what group by and having clauses do etc.  once you know this, then you just need to find the specific syntax for whichever RDBMS you're working with. 

having said that, it's pretty much the same for all programming languages - learn the fundamentals - varialbes, pointers, loops, conditional statements, functions etc. then you should be able to pick up any language with minimal effort.  next step up from that is getting your head arround object oriented concepts, but that's not too hard either.