[Noisebridge-discuss] Interested in Reverse Engineering or Vulnerability Research?
unmarshal at gmail.com
Tue Jun 23 03:38:34 UTC 2009
So I'm thinking there will definitely be an online component. There will
definitely be slides, a mailing list, a common machine for everyone to log
into to work on. The reason we will use a common machine is so I can
control the libraries and compiler so we are all on equal footing, using
the same offsets and memory addresses. There will be homework and misc
challenges to reverse engineer and/or hack binaries I put up that exercise
specific knowledge from the lesson. We can eventually turn this into a game
and invite other people from the internet to participate in the hacking
challenge. It would be set up like a game with each level requiring you to
hack a binary in that directory, giving you permissions higher up in the
chain... first guy to reach max permissions can touch a file
bindWuzHere31337 or whatever ;).
I'm very pleased there are people interested. I will work very hard to put
together a coherent lesson plan and will help everyone move forward in
their endeavors to hack the planet. My only weakness as a teacher in this
situation is that I am out of the loop on the latest and greatest
techniques. The good thing though is that the principles that are taught in
this class remain relevant despite the extra hoops you now have to jump
through these days.
This will be a lesson on hacking Linux systems on x86 processors. I am not
super knowledgeable about Windows hacking, although if this is a success, I
will call up some friends who will be able to supplement. We can also
perform a case study of Mac OS X as it is a ripe system for hacking despite
a small remote attack surface.
We will also study vulnerability discovery methods such as source code
auditing, closed source reverse engineering and fuzzing. We will also be
going over x86 assembly for writing shellcode and debugging with gdb. You can
write the actual exploits in any language you wish. I will take votes on
what most people know. We could write them in C, Ruby or Python. I'd prefer
C.
I'm very excited. Stay tuned for more details!
Also if you guys are interested in checking out some of my older exploits:
http://unmarshal.github.com
I posted my good ones that got me pretty far back in the day ;)
I am slowly uploading all of my hacking tools circa 1998-2005. Most of them
are simply relics, but they have some interesting stories behind them
nonetheless.
-Marshall aka bind
On Jun 22, 2009 7:11pm, Daniel Packer <dp at danielpacker.org> wrote:
> I'd be interested in participating in this remotely if possible.
> Several weeks back I tried to organize this and have the names of
> several interested parties. If you search the archives you'll find a
> few folks who were even interested in offering tutorials (Dr. Jesus for
> example).
> Great idea, wish you the best.
> -Daniel
> >> I'm a bit rusty, but I am looking for a reason to jump back in to the
> >> above mentioned topics. Would anyone be interested in attending a
> >> class about reverse engineering software on Intel processors and/or
> >> identifying vulnerabilities in C code and exploitation techniques? I
> >> spent a lot of time in the hacking scene and the computer security
> >> industry doing these things and burned out and left it for full time
> >> programming about 2 years ago. I would have no problem teaching an
> >> introductory class on these topics. I will admit, I'm not super hip
> >> on the latest in protection techniques that guard against these
> >> attacks, but I could teach the fundamentals while getting up to speed
> >> on circumventing the protection techniques.
> >>