You may wish to take a look at assembly language. It will give you a good
grounding in understanding why\how buffer overflows are exploited.
It will highlight the importance of good coding practices.
You will need to be familiar with a programming language to truly have fun
with this.
I wish I had more time to contribute to these forums! I could type for a
long time about such things.
Take a look here , someone posted it a week or two ago..

http://www.securitytube.net/groups?operation=view&groupId=5

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of Littlefield, Tyler
Sent: 22 May 2012 16:20
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: locating exploits in open source

Hello all:
Before I dive into reverse engineering, I'd like to start off smaller.
I understand bits and pieces of some exploits, so I'd like to start work on
my own to help contribute somehow. Given source code to a project, how do
people usually proceed with finding exploits? I've played with some, and
have some understanding of how they work, but the actual figuring out how to
make them is beyond me; tips and etc would be welcome.

Here's kind of what I am thinking to get going. There are static analysis
tools like splint and clang has one as well, that I could run over the code
and look for "unsafe" functions that I could possibly exploit where they are
used. Using this I will need a deeper understanding of buffer overflows, but
I think it can be done. Are there other entrypoints to this as well?

Thanks,
Ty

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate. We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

The contents of this e-mail and any attachments are the property of Baker Ross Limited\Yellow Moon UK Ltd and are intended for the confidential use of the named recipient(s) only. They may be legally privileged and should not be communicated or relied upon by any person without our express written consent. If you are not the addressee please notify the sender immediately. Any files attached to this e-mail will have been checked with virus detection software before transmission. However you should carry out your own virus check before opening any attachment. Baker Ross Limited\Yellow Moon UK Ltd accepts no liability for any loss or damage which may be caused by software viruses. Baker Ross Limited\Yellow Moon UK Ltd may monitor email traffic data and also email content for the purposes of security and staff training.Baker Ross Ltd\Yellow Moon UK Ltd cannot guarantee the accuracy or completeness of this email after it is sent from the originator over the internet and accepts no responsibility for changes made after it was sent. Any opinion expressed in this email is personal to the author and may not necessarily reflect the opinions of Baker Ross Ltd\Yellow Moon UK Ltd.

Baker Ross Limited registered in England, registered number 1604275, VAT Reg No. GB 375 5220 52.
Yellow Moon UK Limited registered in England, registered number 4781729, VAT Reg No. GB 811 5660 50.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]