From: Halvar Flake (halvar gmx.de)
Date: Tue Dec 09 2008 - 04:10:20 CST
Hey all,
It seems that discussions in ITsec are periodic -- the same discussions and
same arguments come up again and again.
1. Of course attackers use new vulnerabilities. It is the nature of offense.
Defense is done "to the maximum of current knowledge". Offense, by its
nature, has to expand on the status quo.
2. How do you simulate an attack with a new vulnerability if you don't
have one?
Well, military folks do wargames all the time without actually using up
the arsenal they have on the shelves. Network attacks should probably be
done in a similar manner -- have an umpire, and give the attacking team a
few "0day cards". With these cards they get high-probability code
execution for a piece of software of their choice. The pentest then
proceeds like a game, but can be conducted on the real network, too.
But I am repeating myself ...
Cheers,
Halvar
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave