|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Isaac Dawson (isaac.dawson
gmail.com)
Date: Wed Oct 15 2008 - 04:28:33 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> IMO I don't think it gives away enough to easily go look for the bug myself.
It does for J2EE servers, those things are notoriously vulnerable and
the bugs are usually very easy to spot,
just decompile the default servlets and poke around for a few hours
(or less, Much Less) and I guarantee you will find something of
interest ;>.
-isaac
On Wed, Oct 15, 2008 at 3:27 AM, Matthew Wollenweber <mjwcyberwart.com> wrote:
> Dave/Gleg,
>
> Every now and then some exploits, such as the below really interest me and
> my team. But it would be helpful if announcements contained a bit more
> information. I know you have to balance disclosure but a couple things that
> might help:
>
> 1. What versions of the software are affected?
> 2. Is the software in a common or default configuration?
> 3. What security zone is required for the exploit to work?
> 4. The exploit enables remote code execution?
> 5. How reliable is the exploit (ballpark -- for example a buffer overflow
> you've never seen fail or a complicated heap corruption bug that sometimes
> works).
>
> For me, that's the basic information I want before purchasing an exploit and
>
> On Tue, 2008-10-14 at 12:35 -0400, Dave Aitel wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> D2's latest exploit pack has a couple cool tools in it:
> 1. a malicious PDF file creator
> 2. a malicious Java Applet
>
> If you're doing client side penetration tests, sometimes no exploit is
> the best exploit. Both of these are "one click to own" things.
> Immunity uses the D2 pack against our clients when we do penetration
> tests. No one can write everything!
>
> And of course Gleg continues to produce interesting remotes in things
> like J2EE servers. Luckily no one uses those, right? At this point
> they have 280 additional modules for CANVAS which almost doubles the
> size of CANVAS's standard exploit modules.
>
> And there are more third-party packs on the way! The value of these
> tools is in the content built on top of them.
>
> - -dave
> (hahahame at using the word ecosystem. Such a Microsofty word!)
> P.S. Everyone should have the cojones to post their static analysis
> responses to the list!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFI9MpUtehAhL0gheoRAtUeAJ9/PAR7t2MTDG3n/kb5REqFixELcQCbBb+H
> VEOK6SFmBQpLO5FXHpa/rcs=
> =4b/h
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
> --
>
> Matthew Wollenweber
> mjwcyberwart.com
> www.cyberwart.com/blog
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]