Metasploit mailing list archives
Still yet to own a machine :( (My systems ain't THAT secure are they?)
From: konrads.smelkovs at gmail.com (Konrads Smelkovs)
Date: Mon, 17 Sep 2007 16:51:12 +0300
Hello Mr. Gabriel,

There are multiple approaches to exploiting, but it can also be split into two ways:

a) Having 0days
b) Not having 0days

If You are in possession of 0days, then You can execute a simple attack against a machine, exploiting an as-yet unpatched vulnerability. If You do not have 0days, then the exploitation depends on creating a scenario or finding an unpatched vuln (in which case it is like case 'a'). Creating a scenario can be with or without user interaction.

Your virus outbreaks probably occur due to users executing malicious attachments sent via IM, email or otherwise. You should probably secure Your perimeter more, run tight group policy and remove unauthorised software.

On 9/17/07, Mr Gabriel <angelisonline at gmail.com> wrote:
> Okay, I'm still very confused out here. I've tried a lot to at least own a machine on my network. I'm responsible for 200 computers across three floors, each machine can be seen on the network, and can be contacted etc etc. All on the same subnet ... (not best practice, I know, but hey if it ain't broke...).
>
> Now, at least once a week we get viral epidemics, where someone's daily scan reveals a virus, give it a few hours, and you can almost guarantee that that puppy has found its way onto another computer, and not via file sharing, or email. Which leads me to believe it exploited my up to date "fully patched" XP systems. Which I feel as if I have failed to do myself.
>
> On a different note, after studying HDM's talk, I realised the impact of social engineering with regards to a lot of exploits. It seems that a lot of exploits require user intervention, as in you sort of have to "trick" someone into either clicking a link, or loading a bad page or something. If that is the case, I'll have to revise my talks about keeping safe on your computer - which now that I think about it, needs a complete facelift!!
--
Konrads Smelkovs
Applied IT sorcery.