|
|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
Re: [Full-disclosure] What the f*** is going on?
I'm the first one among many who want to learn RE and low level
things,
but I think both of the sides are complex enough.
I am not sure if you follow the teachings of Fredrick Diggle but to paraphrase you may imagine security as a disc. On one side you have web app security (for illustrative purposes let us imagine this thusly)
, - ~ ~ ~ - ,
, ' ' ,
, ,
, ,
, ,
, alert() ,
, ,
, ,
, ,
, , '
' - , _ _ _ , ' On the other side you have low level security with mountains of stale objects and ROP payloads cascading over waterfalls of executable pages. We flip the disc over and envision this...
, - ~ ~ ~ - ,
, ' ' ,
, ,
, ,
, ,
, MOV al, 0x0b ,
, ,
, ,
, ,
, , '
' - , _ _ _ , '
Now your average hacker is handed this disc and stares intently at a side. The swirling colors, the endless complexity, it becomes all engrossing. But the Diggle teaches that we must examine a side only for a time, we then flip the disc and appreciate the majesty that is the flip side. Then after a similar period another flip and another and another until the two sides blend into a single sphere. only then does the student realize that the target system encompasses all of this and that the alert box is simply an object which can be used after free() like any other.
Tangentially, I prefer to look at this sphere after drinking thus seeing two of them side by side.
, - ~ ~ ~ - , , - ~ ~ ~ - ,
, ' ' , , ' ' ,
, , , ,
, , , ,
, , , ,
, MOV al, 0x0b , , MOV al, 0x0b ,
, , , ,
, , , ,
, , , ,
, , ' , , '
' - , _ _ _ , ' ' - , _ _ _ , '
Fredrick Diggle Esq.
YAY!
Isn't your colleague Michal more focused on web app security
nowadays?
Cheers
antisnatchor
Full-Disclosure - We believe in it.
Charter: link://[click]
Hosted and sponsored by Secunia - link://[click]
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
