Reverse engineering malware

  • skubinnada
    replied
    No worries

    Originally posted by TheCotMan
    Hey, thanks for bringing up this topic, and sorry if I was too mean to you.


    No need to worry, I've had much meaner people be a helluva lot meaner... Staff NCOs in the Corps are used to it (or better be).
    I'm in the middle of instructing a class right now; it is 47 training days, 5 days a week, about 2 1/2 months. I haven't looked at everything everyone has offered, but I'm working my way through it. Trust me, I have the "research" portion down; it's understanding what the hell I'm reading that is the trick.
    Thanks again. If I make it to Vegas this year and run into you, I'll buy you a beer.



  • astcell
    replied
    I have great respect for officers... who stay officers -- and let the NCOs be NCOs. There is an old adage that goes, "How does an officer build a bridge?" The answer is, he says, "Sergeant, build me a bridge!" Of course, officers who say anything else need to be trained to be NCOs or put out on the golf course.

    And Priest is one of those dudes whose endorsement has all the credibility anyone ever needs. If he approves of you, you're golden; if he disapproves of you, just go hunker down in a gutter somewhere and reflect.



  • TheCotMan
    replied
    Originally posted by skubinnada
    At least my original post has kept everyone entertained and occupied in the last days before DEFCON. Thanks again. I'm trying to get to DEFCON this year, maybe I'll run into some of you.
    Hey, thanks for bringing up this topic, and sorry if I was too mean to you. The immediate assumption when anyone new-ish comes on board the forums trying to use what appears to be clever ways to get information on malware is they are asking, "can you teach me to hack?"

    Having an old timer like priest come forward and vouch for you does a lot for your status here as an ok person.

    Did you find the ACM article I mentioned?

    Jan 2005: Not Teaching Viruses and worms is harmful (DOI Bookmark.)

    ACM may require a subscription :-( but if you know of a local Uni, or college, or even certain public libraries, you may be able to visit them, and use one of their public workstations to click that link from an "ACM IP Authenticated Range" to download without having an ACM account. If you know someone with an ACM account, you can also get it that way. It was actually in the ACM magazine. (This applies to the other link below.)

    Once you have the PDF, viewing it offsite should be easy.

    Amazing how "considered harmful" as a title became popular after "goto considered harmful".
    That was a good paper too.

    Related: (those crazy Canadians are at it again!)
    Viruses 101 (pdf, requires account or use from a location that pays a subscription.)
    Originally posted by abstract
    The University of Calgary introduced a controversial course in the fall of 2003 on computer viruses and malware. The primary objection about this course from the anti-virus community was that students were being taught how to create viruses in addition to defending against them. Unfortunately, the reaction to our course was based on a dearth of information, which we remedy in this paper by describing key pedagogical elements of the course. Specifically, we present four aspects of our course: how students are vetted for entry, operation of the course, course content, and the instructional materials used. In addition, we pay particular attention to the controversial course assignments, discussing the assignments and the need for balance, objectivity, security, and learning in a university environment. Our experiences with the course and future plans may be helpful for other institutions considering such course offerings. It should also provide opponents of the course with valuable information about the true nature of the course, the pedagogy used, and the value provided to the computer community as computer science graduates with this kind of expertise take their place as the next generation of computer security experts.
    This last one sounds something like where you are going. Try contacting the heads of that program and see if they can help you with resources and even planning of a course.

    There are other more specific papers at the ACM too -- too bad they are subscription based. (No, you can't have my account. :-P (heh))

    Originally posted by theprez98
    Here we go with the officer-bashing again...
    Yeah. You get a sense that he does not like them much. What is the cause? Jealousy? Resentment?
    Last edited by TheCotMan; June 16, 2005, 10:04. Reason: typo, added reply



  • theprez98
    replied
    Originally posted by priest
    Cheers mate.

    As to VMI, CanoeU (Annapolis), and WP, those are schools for Officers. This gentleman works for a living, aka an NCO.


    Priest
    Here we go with the officer-bashing again...



  • skubinnada
    replied
    At least my original post has kept everyone entertained and occupied in the last days before DEFCON. Thanks again. I'm trying to get to DEFCON this year, maybe I'll run into some of you.



  • rot_link
    replied
    Originally Posted by TheCotMan
    Wouldn't each branch of the military have documents and a repository for such documents? Driving a tank, flying a jet, air combat, throwing grenades, etc.
    I don't know if the military actually uses them, but I do know the Department of Defense publishes Field/Technical Manuals that teach you to do things just like that. Everything from physical fitness training, explosives training (never actually tried that before), to combat techniques.



  • TheCotMan
    replied
    Originally posted by priest
    Also remember that an 'Instructor' in military speak is not the same as for a University. An instructor for, say, grenade throwing (really, they do have an NCO who teaches you how to properly throw a grenade) isn't going to be big on the whole 'theory of proper grenade throwing' a la the local library.
    I did not consider such instructors or lessons. You have a good point, but wouldn't each branch of the military have documents and a repository for such documents? Driving a tank, flying a jet, air combat, throwing grenades, etc. (I really do not know.)

    I will concede that you are right on the point that not all instructors should need to know how to use a library to help their research -- as there are probably other topics for which no books/publications exist, and use of a library offers no help to instruction in those topics.

    In this, you have won the original argument, but now a new one is spawned:

    Same applies here.
    I can't agree that this is the same, and this part of the discussion may come down to an argument over opinion for which there is no resolution beyond "agree to disagree."

    Although I do agree with you that it is a good idea to research and be familiar with the library. However, I see his point (and tend to do this myself)...
    Specific to reverse engineering of malware for understanding of how to build better malware, I see an intimate understanding of the target OS as a prerequisite-- if the desire is to have the students be able to design their own and/or understand what the code they are reverse engineering or building means in the context of the OS. This means having access to look up information about Operating Systems and languages and understand where to find it. Why? In less than 6 months, when new SP/Hot fixes come out, the specific knowledge for the malware examined may be obsolete.

    In addition, knowledge of programming languages would be helpful, and considering how well some malware is obfuscated, a very good understanding of the target language is also called for. Knowing how to find information about strange conventions in languages or unconventional coding (like the obfuscated C contest) will only help the pupil. Much of this information can be found in a library. Language books/resources will also help reverse engineering of the OS parts, which will help in understanding undocumented APIs in the target OS and how they change with new SP releases/hot fixes/etc.

    These assume that the instructor's role is to educate them on how they could do this on their own, and be more than one-shot wonders.

    If the course is designed to just meet a bullet chart item for the pupil to say they have completed a course in malware reverse engineering, then what is taught really does not matter; the professor could just dissect a piece of malware in front of the class and be done.

    ... where it is an easier thing to simply ask than to muddle through a whole bunch of crap looking for what you need. Esp. when time is short.
    Heh-heh. :-)

    What you describe is a common complaint on forums of many types-- including this one.

    There are expectations by those with desired knowledge of people asking questions. A big one is for them to have done some research on their own. The most common counter-request here is "did you google it?" In more advanced technical discussions, greater research is expected-- especially when those providing answers are just volunteers.

    I agree that "just google it" is not the proper answer for all questions, and I have answered many questions to show that, but it seems people are more willing to help others when they demonstrate an attempt to solve their own problem -- this is especially true on a Hacker Forum, where independence in initially working on problems alone is one common factor found in many hackers.
    Last edited by TheCotMan; June 15, 2005, 11:35.



  • priest
    replied
    Cheers mate.

    As to VMI, CanoeU (Annapolis), and WP, those are schools for Officers. This gentleman works for a living, aka an NCO.

    Also remember that an 'Instructor' in military speak is not the same as for a University. An instructor for, say, grenade throwing (really, they do have an NCO who teaches you how to properly throw a grenade) isn't going to be big on the whole 'theory of proper grenade throwing' a la the local library. Same applies here.

    Although I do agree with you that it is a good idea to research and be familiar with the library. However, I see his point (and tend to do this myself) of view, where it is an easier thing to simply ask than to muddle through a whole bunch of crap looking for what you need. Esp. when time is short.

    Priest



  • TheCotMan
    replied
    Originally posted by priest
    For the record I know this guy personally. He is a cog in the wheel that is Uncle Sam's Misguided Children (USMC NCO). He is 'good people' and isn't out to dick about.
    Can't say I trust you, but I do respect your "authoritah" (authority) heh-heh. ]:>

    The reason he is a 'teacher' (a better word would be instructor) is because using military logic: his MOS is in the IWIO (Information Warfare/Information Operations) area and thus he must be qualified to teach a course in Malware.
    West Point, and Annapolis have good education and teach research. I've known people who worked at these locations, and I took a public tour of one of them. I don't know about the emphasis of other institutions.

    I still stand behind my original point, and strongly suggest he get to a library.

    Another example: there is a good proposal in a recent copy of the ACM from a professor proposing that colleges with CS programs teach courses in malware design, construction, and reverse engineering. The article is direct, specific and short; it is a good read.

    Being an instructor of any topic should have a prerequisite of knowing how to get around a library.

    Him having any coding experience or for that matter any experience in the field of Information Security is beside the point. Go figure but that's how the ball bounces.
    Having someone vouch for him does make me feel more at ease.



  • priest
    replied
    Folks-

    For the record I know this guy personally. He is a cog in the wheel that is Uncle Sam's Misguided Children (USMC NCO). He is 'good people' and isn't out to dick about. The reason he is a 'teacher' (a better word would be instructor) is because using military logic: his MOS is in the IWIO (Information Warfare/Information Operations) area and thus he must be qualified to teach a course in Malware. Him having any coding experience or for that matter any experience in the field of Information Security is beside the point. Go figure but that's how the ball bounces.

    Priest



  • TheCotMan
    replied
    Originally posted by che
    Noid, Chris, and Skroo hold that title... BTW.. where the hell is skroo?
    Yeah, I forgot to include skroo in that list.

    I sent skroo an e-mail a while back asking about a networking experiment he was working on months prior, and shortly after he replied, he posted to the forums, but I've not heard anything more since then.



  • Gadsden
    replied
    Noid, Chris, and Skroo hold that title... BTW.. where the hell is skroo?



  • TheCotMan
    replied
    Originally posted by hackajar
    Cot, you're the best at asshat thrashing (not being sarcastic), looking forward to more!
    Actually, Chris and noid are much better than me in this; they are able to convey better humor with fewer words. THAT is an art form all its own. (Quick wit is a tough thing to learn.)

    I have different levels of response to help people:
    If they have a good history, I may do nothing, or send them a PM.
    If they are new, but well known or show they are trying, I'll generally be kind.
    If they do not have a history, I try to give them advice on what they did wrong and how they can do better. The worse they are, the worse the response.
    If they repeat the same mistake more than once, then they receive strong condemnation.

    Unless helpful information would encourage future rule violations, or the person is being a twit, I'll usually include helpful information with the correction.

    All responses are meant to encourage behavior that allows the forums to be a happy place for non-retards. All are meant to encourage those who show they deserve it, and discourage those who are "looking for a handout," or "can't be bothered with the rules."
    Last edited by TheCotMan; June 11, 2005, 08:35.



  • hackajar
    replied
    Originally posted by TheCotMan
    (AKA "Public Access"... You know, $10 for an hour timeslot.)

    "You're on the air with the CotMan, what's the question?"

    "How can I hack?"

    "Great question! We get asked it every week! The answer is "Fu*k off and die", that's where you're going. What happened to the "what's the best exploit right now" guy? I like him, a little. Where is he?"

    "Ummm... What do you mean?"

    "Glad you asked!!!! This is public access, no reason to answer, really, you're an asshat, next call...."

    /That would be a great PA show, no really, not kidding! Cot, you're the best at asshat thrashing (not being sarcastic), looking forward to more!

    /drunken rant (still being serious though)



  • TheCotMan
    replied
    Originally posted by allentrace
    Where the hell is the NBC logo and the big name stars? I mean Cot, if it were truly a public service announcement wouldn't it have those things?
    five-million-six-hundred-forty-two-thousand-eight-hundred-six... Huh?

    Oh. No, this is not NBC. If it were, there might have been a star. No, no, no. This is the best of community television (AKA "Public Access"... You know, $10 for an hour timeslot.) I am the unemployed vagrant that counts bricks outside the studio, not a star. They haul my butt into the studio anytime something needs to be said that nobody else wants to say.

    Dang! You made me lose count! One, two, three...
