Plant A Seed

From SecurityForest

Table of contents

1 Guide Lines 2 Proposed Seeds 2.1 ShellcodeTree - (Proposed by gotcha) 2.2 NewsTree - (Proposed by Loni) 2.3 DiscussionTree - (Proposed by Loni) 2.4 AdvisoryTree - (Proposed by Loni) 2.5 CryptoTree - (Proposed by ports) 2.6 CodingTree - (Proposed by Physaro) 2.7 StandardsTree - (Proposed by DeviceZ)

Guide Lines

1. When proposing a Seed, please include your name (optional) and a description.
2. Please add your name to the proposed seed if you support the planting of it.
3. Comments are definitely welcome - pro & con

Proposed Seeds

ShellcodeTree - (Proposed by gotcha)

• Description: Shellcode can be seen as a list of instructions developed to be injected into an application during runtime. Injecting shellcode into an application can be done trough many different security holes of which buffer overflows are the most popular ones. Writing shellcode has almost became an art as anyone can see in a search for shellcode in phrack (http://www.phrack.org/search/index.php?author=&andor=or&title=shellcode&comment=&submit=submit) or articles like Writing_shellcode.html (http://www.shellcode.com.ar/docz/bof/Writing_shellcode.html) or AdvancedShellcodingTechniques.html (http://www.darawk.com/papers/AdvancedShellcodingTechniques.html). This tree would consist of categorized shellcodes. This might include conventional shellcodes or commonly used ones, polymorphic shellcodes or from evasion, and others. It could start with the ones at shellcode.com.ar (http://www.shellcode.com.ar/en/shellcodes.html).
• Supported by: Gotcha,
• Comments:

Loni 16:46, 19 Dec 2004 (IST): Nice idea, but I think it should be a branch in the ExploitTree. Either in the CVS itself or on the wiki. What do you think ?

Gotcha 17:25, 19 Dec 2004 (IST) I think it should go in the CVS itself as a different 'cvs tree'/project (possible name: ShellcodeBranch) for two reasons: 1) this might get a considerable magnitude and 2) it will get in the way of the user browsing the ExploitTree that is just searching for exploits. In the wiki I think it should be a branch/sub-category in the ExploitTree. Does this make sense to you?

NewsTree - (Proposed by Loni)

• Description: A worldly informative and fun tree. Could include news from sources such as Wired (http://www.wired.com), The Register (http://www.theregister.co.uk), Cnet News (http://news.com.com), Technology News (http://www.technewsworld.com), etc.
• Supported by: Loni,
• Comments:

Loni 17:38, 14 Oct 2004 (IST) : I sort of created it while changing the Main_Page to Security News. But maybe at a later stage when it grows, a tree can be made out of it.

DiscussionTree - (Proposed by Loni)

• Description: Forum like Tree. It would consist of different branches for different subjects. It would act just like a forum does, but based on wiki. This seed will only be planted if there is alot of support and a tree like this would need alot of water - otherwise it would shrivel up and die.
• Supported by: Loni,
• Comments:

AdvisoryTree - (Proposed by Loni)

• Description: As the name implies - I am not to sure if it would be too popular, what do you think ?
• Supported by:
• Comments:

Physaro 14:00, 8 Oct 2004 (GMT) : I think this would be nice. But i would propose not to add all Advisorys. I would say just the "important" ones, and that than every user can add what he knows. I think this could be quite nice

Loni 17:40, 14 Oct 2004 (IST) : I sort of created this tree also when creating the new Main_Page. But i think it would be an important tree to have, once there is enough support.

CryptoTree - (Proposed by ports)

formally known as AlgorithmTree

• Description: Everything and anything that has to do with cryptography from designing a PKI infrastructure, to the different types of algorithms, to ways of cracking a password...

(eg. You've got a password hash from a known application and you don't know which algorithm might be used? Then take a look at this tree.)

• Supported by: ports, Loni,
• Comments:
  

Loni 21:06, 28 Sep 2004 (IST) :Would the tree just have examples and syntax of hashes ? How big could the tree grow ? Maybe it should be a branch of a different tree, like CryptographyTree ??

Physaro 14:23, 8 Oct 2004 (GMT) :A CryptographyTree would be nice, with informations about the different Algorithms. But i think this would be a very advanced Tree.

ports 15:00, 14 Oct 2004 (IST) : Yes, you would have 'just' an overview about an application and the algorithm it's used. Additionaly you can add a tool that would help you to break a pass used by the application and some informations. I would suggest to collect at least the following informations: application, version (from the app), used algorithm, tool to 'crack', additional info (is weaker then DES and has 12 Bits, bla bla).

Loni 17:47, 14 Oct 2004 (IST) : I have given my support to this tree, but doing so I have changed its name to CryptoTree instead of AlgorithmTree. Algorithms will be a branch of the tree.

• A Cryptanalysis branch would be nice in this tree, too

CodingTree - (Proposed by Physaro)

• Description: This would be a interesting new Tree i think. We currently have everything about using sec tools, but still no tree for how to code them. So i think this could be a good addition.?
• Supported by: Physaro,
• Comments:

ports 15:03, 14 Oct 2004 (IST) : My first idea is just to post them into the Tutorial Tree. In fact we could make a tree for every small idea. But that would result in a quite big forest I assume ;)

Physaro 15:10, 14 Oct 2004 (IST) : That was my first idea too, but at first i think tutorials about how to use programs, and how to code them are totally different and have a total different community. Another point would be that i think this is a quite big chapter and i think when we have many tutorials in future in the Tutorial Tree i think you would loose the overview faster than if you would make another tree.

adam 12:12, 21 Oct 2004: I think that a code tree, with sample good and bad code, discussion of the security aspects of languages, etc, would get very large. Also, developers who aren't interested in security would be able to find what they want faster.

StandardsTree - (Proposed by DeviceZ)

• Description: This tree will contain catalogued links to Security related RFC`s and Security standards for helping us Understand, Writing Code according to the standards and of course to find them in the most easy/organized way.
• Supported by: DeviceZ,
• Comments:

DeviceZ 12:00, 01 Feb 2005 (IST) : Loni & Me were sitting in the coffee bar yesterday and suddenly in the middle of our conversation something "pops out", THE RFC TREE! And from there “StandardsTree” was born!