I've got to really agree strongly concerning point #1, for two main reasons:
1. We've been turning around the patch->exploit process before full
deployment for years now, sometimes before autoupdate even sees the
patches in the US.
2. The work presented ignores the most time-consuming portion of the
exercise, being the attack vector discovery. It only automates the
portion which takes a negligible amount of time when compared to the
rest of the work needed to produce a viable exploit.
On Thu, Apr 24, 2008 at 4:51 PM, Dave Aitel <dave_at_immunityinc.com> wrote:
> 1. The sky is not falling and Microsoft does not have to rewrite their
> entire patch system to solve any pressing problems.
> (http://www.securityfocus.com/news/11514).
>
> 2. Penetration testing frameworks need to have a whole trojan framework
> as well. Our Kernel Rootkit needs to be able to install, uninstall,
> upgrade, trigger, and otherwise manipulate PINK or the
> MOSDEFService.exe. PINK 1.0 just got released and I find it quite
> interesting to see people's reactions to it.
>
>
> -dave
>
> One last seat available in CANVAS training class next week in Miami
> Beach. May 1 & 2. $2000. Details here:
> http://www.immunityinc.com/education-canvas.shtml
>
> _______________________________________________
> Dailydave mailing list
> Dailydave_at_lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
Received on Apr 25 2008