pHi1t3r
February 15th, 2011, 23:34
I have been interested in security, particularly vulnerabilities and exploit development, for a number of years, but I have never really put much effort past the "hackmes" with strcpy or something relatively trivial to find. I've even gone the script kiddie route and modified some PoC exploits [Not like that. I used to have a SPARCstation that I had long since forgotten the password to. I rooted it, but I liked the flair of it so much that I continued to use a bindshell when I wanted to use it. We all have our moments. haha].
I am a little curious about the methodology employed by security researchers. I have used (and written, to little success) fuzzers before and I have read fairly extensively on the subject, but the actual process still remains a bit of a mystery to me. Is the field primarily composed of people fuzzing a target and waiting until it breaks, or is there more static analysis involved and, if so, does the static analysis consist of trolling every function of a binary for assessment?
The latter seems less likely, but if so I am really curious as to the process by which one would approach a real world binary. This may provoke some flames but, after looking at some of the research and projects that are forwarded by this community, the fuzz-and-forget model seems to lack the "down and dirty" reversing that much of the popular online media seems to credit the researchers with. I am almost sure that I'm missing something.