[Noisebridge-discuss] Interested in Reverse Engineering or Vulnerability Research?
Miah Johnson
miah.johnson at chia-pet.org
Tue Jun 23 04:57:20 UTC 2009
Metasploit is really damn cool. Unfortunately, with extreme awesomness
comes complexity. Learning Metasploit is a class all by itself.
Metasploit is so huge it even has its own track at Blackhat this year.
http://www.blackhat.com/html/bh-usa-09/bh-usa-09-schedule.html
-Miah
On Jun 22, 2009, at 9:45 PM, unmarshal at gmail.com wrote:
> Personally, I think using metasploit might be overkill for what I'm
> aiming for. I'm much more interested in illustrating general
> principles. I have written exploits using metasploit and it's
> definitely more steps than I'd prefer in the context of teaching. I
> think I will see who rises to the top of the class and leave this as
> an exercise for the users. I think doing simple C exploits will allow
> us to focus on the principles instead of all the bells and whistles
> metasploit provides. Good suggestion though. I think eventually we
> can move in this direction.
>
> I'm trying to remember this older hacking challenge... they had a
> level based system. If only I could remember the name.
>
> Point though is that I want to roll my own, with my own servers so I
> can control for all the variables and everyone can be on the same
> environment. For a class like this, I choose to use my own materials
> rather than recycle other people's work. Besides, one thing I'm also
> trying to get out of this is a portfolio of teaching materials that I
> came up with. We will go through real world case studies as well.
>
> -M
>
> On Mon, Jun 22, 2009 at 8:46 PM, Sai Emrys<noisebridge at saizai.com>
> wrote:
>> On Mon, Jun 22, 2009 at 8:38 PM, <unmarshal at gmail.com> wrote:
>>> We could write them in C, Ruby or Python. I'd prefer C.
>>
>> FWIW: Metasploit is written in Ruby + some C, and I'd suggest
>> teaching
>> exploits in its context where applicable, as it's a good way to learn
>> and contribute back to the community.
>>
>> Of course, it's mostly 'net oriented; I don't know of anything
>> similar
>> aimed at same-system program exploits (e.g. cracking).
>>
>> Also: surely you're aware that there are LOTS of extant hacking
>> challenges? I'd suggest using one or more rather than making yet
>> another, unless you're making something that's new (which, for any
>> basic stuff, you almost certainly aren't).
>>
>> - Sai
>>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
More information about the Noisebridge-discuss
mailing list