Message-ID: <4ef5fec60803191346v4435c77av440c251469af80ac@mail.gmail.com>
Date: Wed, 19 Mar 2008 13:46:31 -0700
From: coderman <coderman@...il.com>
To: reepex <reepex@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: [full disclosure] agile hacking?

On Wed, Mar 19, 2008 at 12:42 PM, reepex <reepex@...il.com> wrote:
> ...  I much prefer books like
> 'hacking the art of exploitation', 'the art of software security
> assessment', and 'secrets of reverse engineering' because they are tool
> agnostic and teach the low level concepts that are going on.

amen!

the first and last are two of my favorites.  this discussion mirrors
the tension between programmers steeped in the physical architecture
they use and complicated but indispensable concepts like asm
instr/pointers and (some of) the newer generation familiar only with
high level scripting languages and toolkits that abstract away all
such details.

while the latter can be effective and appropriate for a myriad of
modern development tasks, there is still a world of understanding that
will never be accessible at such higher layers.

there is no point in arguing which is better; these are complementary
skills that the truly proficient will master at both ends of the
spectrum.  this way leads to wisdom.

as for "hacking" tool set tutorials (howto kismet, wireshark,
metasploit, etc), these texts are as satisfying as a dir full of man
pages.  useful references, yes.  fundamentally instructive in theory
they are not.

to each his own...


[i'll add 'Silence on the Wire' to this list of useful texts]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
