[Noisebridge-discuss] Interested in Reverse Engineering or Vulnerability Research?

unmarshal at gmail.com unmarshal at gmail.com
Tue Jun 23 03:38:34 UTC 2009 

So I'm thinking there will definitely be an online component, There will  
definitely be slides, a mailing list, a common machine for everyone to log  
into to work on. The reason we will use a common machine is so I can  
control the libraries and compiler so we are all on equal footing, using  
the same offsets and memory addresses. There will be homework and misc  
challenges to reverse engineer and/or hack binaries I put up that exercise  
specific knowledge from the lesson. We can eventually turn this into a game  
and invite other people from the internet to participate in the hacking  
challenge. It would be setup like a game with each level requiring you to  
hack a binary in that directory, giving you permissions higher up in the  
chain... first guy to reach max permissions can touch a file  
bindWuzHere31337 or whatever ;).

I'm very pleased there are people interested. I will work very hard to put  
together a coherent lesson plan and will help everyone move forward in  
their endeavors to hack the planet. My only weakness as a teacher in this  
situation is that I am out of the loop on the latest and greatest  
techniques. The good thing though is that the principles that are taught in  
this class remain relevant despite the extra hoops you now have to jump  
through these days.

This will be a lesson on hacking Linux systems on x86 processors. I am not  
super knowledgeable about windows hacking, although if this is a success, I  
will call up some friends who will be able to supplement. We can also  
perform a case study of Mac OSX as it is a ripe system for hacking despite  
a small remote attack surface.

We will also study vulnerability discovery methods such as source code  
auditing, closed source reverse engineering and fuzzing. We will also be  
going over x86 assembly for writing shellcode, debugging with gdb. You can  
write the actual exploits in any language you wish. I will take votes on  
what most people know. We could write them in C, Ruby or Python. I'd prefer  
C.

I'm very excited. Stay tuned for more details!

Also if you guys are interested in checking out some of my older exploits:

http://unmarshal.github.com

I posted my good ones that got me pretty far back in the day ;)

I am slowly uploading all of my hacking tools circa 1998-2005. Most of them  
are simply relics, but they have some interesting stories behind them  
nonetheless.

-Marshall aka bind


On Jun 22, 2009 7:11pm, Daniel Packer <dp at danielpacker.org> wrote:
> I'd be interested in participating in this remotely if possible.

> Several weeks back I tried to organize this and have the names of

> several interested parties. If you search the archives you'll find a

> few folks who were even interested in offering tutorials(Dr. Jesus for

> example).



> Great idea, wish you the best.



> -Daniel





> >> I'ma bit rusty, but I am looking for a reason to jump back in to the

> >> above mentioned topics. Would anyone be interested in attending a

> >> class about reverse engineering software on intel processors and/or

> >> identifying vulnerabilities in C code and exploitation techniques? I

> >> spent a lot of time in the hacking scene and the computer security

> >> industry doing these things and burned out and left it for full time

> >> programming about 2 years ago. I would have no problem teaching an

> >> introductory class on these topics. I will admit, I'm not super hip

> >> on the latest in protection techniques that guard against these

> >> attacks, but I could teach the fundamentals while getting up to speed

> >> on circumventing the protection techniques.

> >>

> _______________________________________________

> Noisebridge-discuss mailing list

> Noisebridge-discuss at lists.noisebridge.net

> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20090623/846efb29/attachment-0003.html>

More information about the Noisebridge-discuss mailing list