[Dailydave] Remote language detection
From: Dave Aitel (dave at immunityinc.com)
Date: Wed Dec 06 2006 - 10:24:25 CST
In the podcast this week on eweek.com[2] I talk a tiny bit about the
changes going through penetration testing. I think there ARE major
changes. A penetration tester used to be the guy able to download
things from packetstorm.com and compile them and run them against your
servers. It was a database of knowledge of what worked and how to use
it that was in your head that was valuable. But the Googlization of
the world has rendered all sorts of head-databases less valuable.
When Immunity hires a penetration tester now, we hire someone who can
download that third party ISAPI filter, install it in a VM, find a
vulnerability in it, and then write the overflow to bypass your
unknown HIDS in two days or less.
There's been a commoditization of known vulnerabilities. I don't think
it will be that long from now before a penetration testing service that
does not offer 0day testing will be completely devalued. Essentially
this is where penetration testing is already, since most of what you
do in a test is web-based, which is essentially 0day testing.
It's possible to get a remote shell against web applications too; it's
just not as easy as owning with bind-nxt and seeing a #. CANVAS has a
javaNode because during a penetration test we needed to abstract away
the idea that we could execute arbitrary Java on a WebLogic server.
One of the other things we've been doing lately is remote language
detection. Today we've released a small whitepaper about some of our
research which is available here[1]. Ask your questions about it here,
if you want, and I'll release a version 2.0 that answers them. :>
-dave

[1] http://www.immunityinc.com/resources-papers.shtml
[2] http://www.eweek.com/article2/0,1895,2067349,00.asp
Defense by Offensive Hacking
December 4, 2006
*In this OnSecurity podcast: Immunity vulnerability researcher Dave
Aitel talks with eWEEK's Ryan Naraine about simulated hacking attacks,
new penetration testing tools and techniques, the resiliency of Vista,
and his unique take on the vulnerability disclosure debate.*
_______________________________________________
Dailydave mailing list
Dailydave at lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave