Actually, no. If you're dealing with obfuscation, IDS and antivirus evasion etc. you need to know how to read, write and otherwise manipulate assembly code (debug, self-modification, name-it).
First, for dealing with obfuscation and evasion, you're reading, not writing.
Second, for every 100 people that talk about e.g. self-modifying viruses or shellcode, there is perhaps 1 person who can actually write something soup-to-nuts, and maybe 5-10 more who can modify that code to make it do something new.
Reading assembly is important for security research. Writing, not as much.
Second, for every 100 people that talk about e.g. self-modifying viruses or shellcode, there is perhaps 1 person who can actually write something soup-to-nuts, and maybe 5-10 more who can modify that code to make it do something new.
Reading assembly is important for security research. Writing, not as much.