In our ongoing series covering our most recent live PWB in the Caribbean course, Johnny picks up from Part 1 and provides an inside and personal look at the course as it picks up speed and increases in difficulty.
The Pain Begins
Day three brings some pretty heavy discussion about Metasploit. My experience with Metasploit is dated by at least two major revisions, which means I have a lot of catching up to do. Jim picks up a portion of the instruction on day three, and one thing that strikes me is his proficiency with the framework. Muts frequently turns to Jim for esoteric-sounding advice and when Jim takes the podium, his confidence encourages us. Thereʼs so much to know about Metasploit; there are so many features and utilities, so many facets, and so many usage possibilities that it can be overwhelming. How in the world can anybody know so much about it?
Then I remember: Jim and Muts along with Devon Kearns and Dave Kennedy literally wrote the book on Metasploit. Their experience and efforts culminated in the recent release of Metasploit: The Penetration Testerʼs Guide, the best and only “sanctioned” book on the subject, authorized and assisted by none other than H.D. Moore and the Metasploit development team. Needless to say, their knowledge on the subject runs deep.
This is also evident in the teamʼs knowledge of BackTrack, the de-facto standard toolset for professional penetration testers. After all, the instructors are not only core developers and hardcore power users of BackTrack, but also career penetration testers.
In an industry awash in technical, security, and “hacking” training, there are very few courses developed, taught, and supported by such hardened, recognized experts in the field. As if thatʼs not rare enough, each of them is humble and approachable and can bring highly-technical material down to earth.
The more I work with this team, the more amazed I am by them.
“When you start slapping yourself for me, I know I’ve done a good job.” -Muts
Muts warned us. He told us that the class would increase in intensity and difficulty as the week progressed. I made it through the first modules relatively unscathed. My experience in the field kept me afloat as I adjusted to the challenges of student life (I never was a good student). Then, my worst nightmares were realized as muts casually announced the beginning of a section on buffer overflows.
In my days of pentesting, I served as an unofficial team leader (or mascot, Iʼm not sure which). This role(s) suited me well. I was able to remain conversational across different disciplines and recruit team members to serve as specialists in each discipline. After time, I became a jack-of-all-trades but unfortunately this meant that I was also a master of none. Because of this, I never took the time to learn Assembly. I was conversational about buffer overflow techniques. I could regurgitate definitions and techniques and hold an intelligent conversation on the subject. I could execute tools that exploited buffer overflows and more appropriately, I knew when to execute them. After a while, I convinced myself that Assembly was unnecessarily obtuse, a language relegated to the most hardcore geeks. Buffer overflows and other low-level software vulnerabilities by extension, were for the geekiest of the geeks. Members of my team loved that stuff, so I let them concentrate on it to the exclusion of all else. Because of this, I eventually convinced myself that I didnʼt really need to know much more about what was under the covers of my favorite exploits. So, I skipped over “all that low-level stuff” but secretly I dreaded the day when I would be forced to admit that I didnʼt know Assembly and that by extension, I wasnʼt a real hacker.
Mutsʼ words hung in the air. “Weʼll look at buffer overflows today,” he began. The room dipped as he fired of a string of dreaded nouns. “Disassembler. Assembly. Debugger. Fuzzer.”
I was so screwed, and I knew it.
I needed months, not hours, to absorb this stuff. There was no possible way I was going to be able to follow this. My survival instinct began to kick in and I found myself concocting a complex plan to bail without drawing any undue attention to myself, but it was too late. Muts had jumped right in…