Dailydave mailing list archives
Re: Two thoughts for the day:
From: Pusscat <pusscat () metasploit com>
Date: Fri, 25 Apr 2008 09:10:36 -0400
I've got to really agree strongly concerning point #1, for two main reasons: 1. We've been turning around the patch->exploit process before full deployment for years now, sometimes before autoupdate even sees the patches in the US. 2. The work presented ignores the most time consuming portion of the exercise, being the attack vector discovery. It only automates the portion which takes a negligable amount of time when compared to the rest of the work needed to produce a viable exploit. On Thu, Apr 24, 2008 at 4:51 PM, Dave Aitel <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1. The sky is not falling and Microsoft does not have to rewrite their entire patch system to solve any pressing problems. (http://www.securityfocus.com/news/11514). 2. Penetration testing frameworks need to have a whole trojan framework as well. Our Kernel Rootkit needs to be able to install, uninstall, upgrade, trigger, and otherwise manipulate PINK or the MOSDEFService.exe. PINK 1.0 just got released and I find it quite interesting to see people's reactions to it. - -dave One last seat available in CANVAS training class next week in Miami Beach. May 1 & 2. $2000. Details here: http://www.immunityinc.com/education-canvas.shtml -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIEPK3tehAhL0gheoRAobNAJ98X6A0ENCi20xOCIEVdgSOMh5UJQCfdtv8 J0W8K4nMdmNVOTEFfbLUyQQ= =uKo3 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Two thoughts for the day: Dave Aitel (Apr 24)
- Re: Two thoughts for the day: Pusscat (Apr 25)
- Re: Two thoughts for the day: jf (Apr 25)
- Re: Two thoughts for the day: Thomas Ptacek (Apr 25)
- Re: Two thoughts for the day: jf (Apr 25)
- Re: Two thoughts for the day: Joanna Rutkowska (Apr 25)
- Re: Two thoughts for the day: Dave Aitel (Apr 28)
- Re: Two thoughts for the day: Halvar Flake (Apr 25)
- Re: Two thoughts for the day: val smith (Apr 25)
- Re: Two thoughts for the day: Pusscat (Apr 25)