During the HITB 2007 Malaysia I met a young smart group of students from Singapore Polytechnic. They took part in the Capture the Flag competition and managed to score better than some professionals (need I make it clear?) in total contrast to their name: t3nth (they ranked eighth, by the way).
I thought that was impressive enough for these young chaps and maybe if they had proper training, they could turn as capable as any other qualified security engineer. And so I offered them a free workshop on software exploitation to serve as a primer. It was received enthusiastically.
An intensive four (or five, I dont quite remember)-session training was given on every week end through out last month. It covered all basic concepts, techniques, and some few advanced skills. I don’t know but it seemed like the boys grasped them pretty quickly. Actually, they surprised me! I didn’t expect that Paul could understand the stack diagram I drew on the white board in an instance, Louis would get the return-to-libc technique immediately when I mentioned it, Jeremy were able to analyze binary files in a few minutes, and Choon Rui mastered format string with no difficulty at all.
Through out the training, challenges from the CtF (no, not the binary, but with reconstructed source by yours truly) were used but these boys weren’t informed at all. They solved them, fluidly. What others weren’t able to do in Dubai 2007, and Malaysia 2007, they did it in only one or a few hours. Brilliant, ain’t they?
I hope it was a conducive workshop to them and that they loved it as much as I loved teaching them. It’s always a pleasure to work with smart guys. I believe these chaps will score much better in subsequent challenges. And if you are looking for interns, get them!