Metasploit mailing list archives

Re: DEP, HardWare Virtualization VM , 64 bit O/S


From: HD Moore <hdm () metasploit com>
Date: Tue, 08 Jun 2010 11:51:12 -0500

On 6/8/2010 7:31 AM, levene10 wrote:
Hi All
I can't help but run through some of the standard security features of new
standard CPUs and modern Windows operating systems... (Vista & 7)
Which exploits and payloads of the Metasploit framework try to circumvent
these..
I believe none, since all your buffer overflows, heap / stack corruptions
have to choose the NoNx platform (a joke) to exploit, the framework has no
rootkits exploits which 64bit Windows and VM have effective containment..
I am starting to get confused..
Kindly point out briefly the Metasploit framework's abilities to exploit new
systems..


If you can point out public exploit code for these systems we would be
happy to port them to Metasploit. Most of the time, the work required to
make these exploits work on DEP/ASLR/64-bit (when possible) is time
consuming and results in an exploit that is not reliable even in the
best case scenario.

You can see some examples for MS08-067 and some of the client-side
exploits, but the fact is these types of exploits are slowly dying. That is
why you see an increase in coverage for logic flaws, command injection,
and authentication bypass vulnerabilities.

-HD