Friday, March 29, 2013

response to metrics questions

I hate metrics because most of the time the people in upper management who use them have no idea what the context behind them is.

This was the latest request I got:
What % of exploits use buffer overflow
What % use ROP
What % use stack pivoting techniques in the case the overflowed buffer isn't large enough to hold the entire "ROP sled" [I'm sure they meant NOP sled.]

Does anyone have time to actually keep track that? Are we talking about worldwide?

Sourcefire and Symantec might:

Their justification for this information: "I have a meeting I have to attend."

My thoughts: "Do they know the difference between vulnerability and exploit? Probably not."

My response: "Google Metasploit capabilities." LMAO

Tuesday, March 5, 2013

Dream Malware Lab Gets Milkshake Bar

Today they made everyone fill out another form because it might snow tonight.

2nd Law of Bureaucracy: "When in doubt, add paperwork."

Speaking of bureaucracy, the last 6 months of my life kinda go like this:
POLICY: What do you want?
ME: Malware policy
POLICY: Like written down
ME: Well, yeah, written down or at least in existence.
POLICY: What do you want it to look like?
ME: You tell me. You're the policy experts.
POLICY: We don't know, you tell us.
ME: I want it to look like this....[presents a beautiful bouquet of flowers]
POLICY: [eats flowers and barfs into vat of cafeteria chili] Oops...sorry


For that reason we decided to install a fire pit at the dream malware lab. It will be out back. There will be aboriginal chieftains chanting at the people trying to commune with malware. The computers will be running off a generator which the policy people will be manual powering...I'm thinking via hamster wheel.

And then we added the milkshake bar for shits and giggles. It'll have to be Chick-fil-A milkshakes though.

Monday, March 4, 2013

The Dream Malware Lab in the Sky

Today I found this on Tumblr:

And immediately I lost 30 minutes of work time laughing my ass off because it's all so true.

I run a malware lab. If the government wasn't so shitty, I wouldn't be sequestered.

If I wasn't sequestered, perhaps I would be able to build my dream malware lab in the sky. Not literally in the sky but it would probably have skylights.

And picture windows. Which would have scenic views.

I would have an aquarium maybe. Or a shark tank.

I would install slides to get from a top floor to a bottom floor.

I would get touch screens...maybe like Minority Report. Fuck it, I'll get precogs too.

Or at least the latest hardware and software to run bad stuff against.

In short maybe I should go work at Google.

Or Amazon.

Or publish a couple of my books on Amazon.

Oh hey! There's one for writer's too: