|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Aitel (dave
immunityinc.com)
Date: Tue Oct 14 2008 - 11:35:33 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
D2's latest exploit pack has a couple cool tools in it:
1. a malicious PDF file creator
2. a malicious Java Applet
If you're doing client side penetration tests, sometimes no exploit is
the best exploit. Both of these are "one click to own" things.
Immunity uses the D2 pack against our clients when we do penetration
tests. No one can write everything!
And of course Gleg continues to produce interesting remotes in things
like J2EE servers. Luckily no one uses those, right? At this point
they have 280 additional modules for CANVAS which almost doubles the
size of CANVAS's standard exploit modules.
And there are more third-party packs on the way! The value of these
tools is in the content built on top of them.
- -dave
(hahahame at using the word ecosystem. Such a Microsofty word!)
P.S. Everyone should have the cojones to post their static analysis
responses to the list!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI9MpUtehAhL0gheoRAtUeAJ9/PAR7t2MTDG3n/kb5REqFixELcQCbBb+H
VEOK6SFmBQpLO5FXHpa/rcs=
=4b/h
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]