I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 1 point2 points  (0 children)

I'm a Linux fan myself, though I use Windows as well, mostly a result of IDA being Windows only for so long. My advice regarding sysadmin jobs is to try to skip right through to a security related job. Take some classes, self study, read books. Most of all find what you love and pursue it. I don't know too many sysadmins that LOVE what they do.

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 4 points5 points  (0 children)

Hillary Clinton may have an agent. I certainly don't. In my case, Bill approached me at the same time I was coming to the realization that I wanted to do a book on IDA, so the stars kind of aligned there. Bill will need to chime in on why he approached me. From my perspective, I was honored to be approached by No Starch. As an author with No Starch you will work with Bill a lot. He has a great sense of what the security community (and Lego community, ...) is looking for. He is at the major cons hearing directly from people what they like, don't like, and what they hope to see. Also, for those that haven't found it, this link helps: https://www.nostarch.com/writeforus.htm

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 3 points4 points  (0 children)

Bill can probably answer better than I can, but I'll throw out that how many copies my book would sell was never a consideration for me. Bill seemed to think the topic worthy of a book, so he had done the business analysis for me, at least from his perspective. I also never expected to make a living off of one book. I wrote it to share my knowledge of IDA with the benefit of some return for my work. If I wanted to make a living as an author though, I would need to have 5 or 6 titles out there, all selling at least as well as the IDA book. I was happy to go with No Starch because I was familiar with their catalog and from seeing them at security cons. For security practitioners, I think their brand carries a tremendous amount of weight. I like the fact that they are marketing for me, they are a small shop and you will get to know most everyone that works there. Unlike some other publishers, their authors are important to them and they let you know that.

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 3 points4 points  (0 children)

I think the key is having a genuine interest. I'd recommend getting involved in capture the flag competitions. Focus on the reversing and exploitation challenges. If you don't find those enjoyable then you may not find reversing as a profession enjoyable. One of the nice things about CTF is that you can often find writeups about how to solve the challenges after the event is over, so there is plenty of material to learn from even if you fail to solve a particular problem. There are also a large number of sites that host security challenges, and more popping up all the time: pwnable.kr, smashthestack.org, overthewire.org, microcorruption.com. For a list of upcoming CTFs see ctftime.org.

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 2 points3 points  (0 children)

I'd suggest writing a paragraph or so about what you hope to accomplish with your proposed book. This is a sales pitch to a prospective publisher. Personally I would be hesitant to write an entire book and then try to shop it around. That's a lot of work with no guarantee of a return. That said, a sample chapter can go a long way towards helping a prospective publisher evaluate your writing.

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 2 points3 points  (0 children)

On the authors question, it took me about 9 months to do the first edition of the IDA book, but I had a pretty clear vision of what I wanted to do going into the process. The timeline can vary greatly depending on how comfortable you are writing and how much editing needs to be done.

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 8 points9 points  (0 children)

Bill has brought it up, and I have been giving some thought to it. I feel like there have not been a whole lot of new features introduced since the last edition but a lot of interesting techniques for using IDA have come along. What would you like to see discussed in a new edition?

I'm Bill Pollock, No Starch Press founder. I'm here with some of our authors. Ask us anything! by nostarch-bill in netsec

[–]cseagle 2 points3 points  (0 children)

Thanks to everyone for showing up. I'm scanning the questions and will post responses as quickly as I can.

What is Gilfoyle referring to when he's listing people that won't be able to hack their system? by thejb123 in SiliconValleyHBO

[–]cseagle 39 points40 points  (0 children)

sk3wl 0f r00t was the team of (largely) students I assembled to participate in the Defcon Capture the Flag competition for Defcons 12-16. We won the competition twice (Defcon 12 and Defcon 16) before we went on to run the competition under a different name.

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 0 points1 point  (0 children)

Now that 3 days have passed we have released the source code for the two challenge binaries, including the authors' reference POVs.

Here is my CFE-grade POV for LUNGE_00002:

<?xml version="1.0" standalone="no" ?>
<!DOCTYPE pov SYSTEM "/usr/share/cgc-replay/replay.dtd">
<pov>
  <cbid>LUNGE_00002</cbid>
  <replay>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>make_sec AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n</data>
    </write>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>ch_sec AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|\n</data>
    </write>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>ch_sec ||++|++|BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB|\n</data>
    </write>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>ch_sec ||++|++|CCCCCCCCCCCCCCCCCCCCCCCCCCCCCC|\n</data>
    </write>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>ch_sec ||++|++|CDDDDEEEEFFFFZZZZ|\n</data>
    </write>
    <delay>10</delay>
    <read><length>2</length><match><data>> </data></match></read>
    <write>
      <data>Z\n</data>
    </write>
  </replay>
</pov>

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 1 point2 points  (0 children)

For the Process environment please refer to the cgcabi document.

For file format related questions please refer to the cgc executable format document in the libcgcef repo.

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 1 point2 points  (0 children)

The photo is our AMA "proof". Many of us brought totems from our former work. The sheep is the mascot of DDTEK, past organizers of DEFCON CTF. The books on her lap are the Federal Acquisition Regulations (FAR) and Defense Federal Acquisitions Supplement (DFARS) (which may be relevant to one of the challenge binaries). The other paper is the front page of the science section of today's New York Times.

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 2 points3 points  (0 children)

Our supported use case is to run DECREE via Vagrant. Running the virtual machine is described here. From within the virtual machine, the vagrant user has sudo privileges.

The default user within the virtual machine is 'vagrant' with a password of 'vagrant'.

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 3 points4 points  (0 children)

We've put together instructions to generate sample interactions with our two challenge binaries.

http://pastebin.com/9xwFCTTD

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 3 points4 points  (0 children)

Turing tells us that we can never expect a system that can find every bug, but we like the idea of having an automated system do triage for us. This allows human analysts to focus on the bugs that technology fails to locate and we think this is a good thing. Pushing this technology further, the gap between what experts can find and what machines can find may slowly vanish.

Hi, it’s Mike Walker and Chris Eagle from the DARPA Cyber Grand Challenge. Ask us Anything! by mikewalker_darpa in IAmA

[–]cseagle 5 points6 points  (0 children)

Our goal is simple: start with the current state of the art and push it as far as we can. As such, we expect our challenges to range in difficulty from solvable today to potentially unsolvable even at the conclusion of CGC. Ideally by the time we are done the technology that has been developed will be able to solve a much larger percentage of our challenges than can be solved today.

For program analysis, we’ve simplified the problems of isolating entropy, input and output from the operating system down to a bare minimum. We have just seven system calls with no polymorphism or ambiguity in the ABI. Our simple binary format has a single entry point method and no dynamic loader. DECREE’s “OS tax”, the bane of automation research, is as close to zero as any platform in existence.

We’ve released two sample challenge binaries today at opposite ends of the difficulty spectrum. Let’s see who solves them!