[Dailydave] The basic definition of success
Dave Aitel
dave at immunityinc.com
Tue Dec 20 15:24:50 EST 2011
So padding oracle vulnerabilities are still everywhere, and still quite
interesting, and also quite hard to teach. We have a module in the
upcoming INFILTRATE WebHacking class
<http://infiltratecon.com/training.html>, and I have to admit, as we
read the slides and looked over the exercises today I was left thinking
"I have no idea how long this module is going to take to teach". Because
if your mind is twisted in the right direction, it makes perfect sense.
You decrypt the captcha, and then you move on and decrypt the login
exercise, and it all goes smoothly. No more than an hour.
But I could also see spending all day on it if your brain wasn't
contorted correctly. And it'd be worth it at the end, because you'll
have root on a lot of boxes you didn't have earlier (which is the basic
definition of success).
-dave
--
INFILTRATE 2012 January 12th-13th in Miami - the world's best offensive information security conference.
www.infiltratecon.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20111220/88d136bf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20111220/88d136bf/attachment.sig>
More information about the Dailydave
mailing list