[Noisebridge-discuss] Interested in Reverse Engineering or Vulnerability Research?

[unmarshal at gmail.com]

Personally, I think using metasploit might be overkill for what I'm
aiming for.  I'm much more interested in illustrating general
principles.  I have written exploits using metasploit and it's
definitely more steps than I'd prefer in the context of teaching.  I
think I will see who rises to the top of the class and leave this as
an exercise for the users.  I think doing simple C exploits will allow
us to focus on the principles instead of all the bells and whistles
metasploit provides.  Good suggestion though.  I think eventually we
can move in this direction.

I'm trying to remember this older hacking challenge... they had a
level based system.  If only I could remember the name.

Point though is that I want to roll my own, with my own servers so I
can control for all the variables and everyone can be on the same
environment.  For a class like this, I choose to use my own materials
rather than recycle other people's work.  Besides, one thing I'm also
trying to get out of this is a portfolio of teaching materials that I
came up with.  We will go through real world case studies as well.

-M

On Mon, Jun 22, 2009 at 8:46 PM, Sai Emrys<noisebridge at saizai.com> wrote:
> On Mon, Jun 22, 2009 at 8:38 PM, <unmarshal at gmail.com> wrote:
>> We could write them in C, Ruby or Python. I'd prefer C.
>
> FWIW: Metasploit is written in Ruby + some C, and I'd suggest teaching
> exploits in its context where applicable, as it's a good way to learn
> and contribute back to the community.
>
> Of course, it's mostly 'net oriented; I don't know of anything similar
> aimed at same-system program exploits (e.g. cracking).
>
> Also: surely you're aware that there are LOTS of extant hacking
> challenges? I'd suggest using one or more rather than making yet
> another, unless you're making something that's new (which, for any
> basic stuff, you almost certainly aren't).
>
> - Sai
>