Ketchup wrote: Sil, the Assured Exploitation course sounds like a ton of fun. I wonder how that compares with Offsec's AWE.
I don't want to take anything away from Mati and the crew at Offsec, but looking at their syllabus (http://www.offensive-security.com/docum ... tation.pdf) I will give my two cents on this...
If you're into reverse engineering and exploitation on any level, you should know the names Dino Dai Zovi and Alex Sotirov. If you haven't heard the names, to be quite honest, you have many years to go (learning and maturing) on the exploitation side of the pentesting industry...

Dino:
Art of Security Testing
http://www.amazon.com/Mac-Hackers-Handb ... t_ep_dpi_1
http://www.amazon.com/Art-Software-Secu ... t_ep_dpi_2
Dino taught (might still teach) the exploitation courses at Polytechnic in Brooklyn, NY. Overall he is a pretty cool guy, aside from him being probably one of the scariest people I've come across, either via correspondence or just knowing who the person is.

Alex:
SSL broken! Hackers create rogue CA certificate using MD5 collisions
http://www.zdnet.com/blog/security/ssl- ... sions/2339
[Alex] is well known for his discovery of the ANI browser vulnerability as well as the so-called Heap Feng Shui technique for exploiting heap buffer overflows in browsers...
Security researchers Alexander Sotirov and Mark Dowd have developed a technique that bypasses many of the new memory-protection safeguards in Windows Vista, such as address space layout randomization (ASLR). The result of this is that any already existing buffer overflow bugs that, in Vista, were previously not exploitable due to such features, may now be exploitable.
http://en.wikipedia.org/wiki/Criticism_ ... n_features
They're both at the forefront (bleeding edge) of exploitation, and it's often their work that others use in their classes (AWE). So you have an option... Get it from those who wrote the book, or get it from those who read and learned from those who wrote the book.
If there were one course... only one course I could take for the next, say, 3-4 years... this would definitely be it. I still need to hit that "Aha! That's what I was missing!" point; I don't feel I've hit it at this stage.
On the pentesting side of things:
Network penetration - check
system penetration - check
programming - check (too many languages to list)
incident response - check
network / host based analysis and forensics - check
All checks, to me, imply I'm very well versed and have no problem even teaching the concepts and methodologies...
reverse engineering - work in progress
exploiting via reverse engineering - work in progress
Those are my weak spots. Reverse engineering from a quality assurance/security perspective (http://www.amazon.com/Fuzzing-Software- ... 295&sr=8-1) is not my strong spot. I'd like to learn it better until I feel comfortable. I have no problem finding bugs/exploits for programs; I often have problems making them repeatably weaponized.