[Full-Disclosure] Re: exploits, good exploits

From: John Q Public (johnqpublic2323_at_mailvault.com)
Date: 07/22/03

    To: pen-test@securityfocus.com
    Date: Mon, 21 Jul 2003 23:25:30 -0400 (EDT)
    
    

    Oddly, I didn't get a copy of the original message in my inbox - but I
    have a few things to say about this thread. First off, if you are
    getting your exploits at public distribution sites such as:

     http://packetstormsecurity.nl/exploits20.shtml
     http://www.k-otik.com/exploits/
     http://www.securiteam.com/exploits/
     etc..

    then you are already *several* steps behind the curve. Climbing up the
    chain, you will see release points such as exploit authors/groups
    websites. Higher still, you have private exploit distribution networks
    such as trading in IRC channels and private mailing lists (I run a
    private 0day mailing list myself, less technical than 0daydigest but
    more action). In these cases the way you get involved is if you
    contribute something - you need to offer something new. Beyond the
    aforementioned, you pretty much just have the exploit developers
    themselves. My recommendation is learn to find your own bugs and write
    your own code.

    Though, it's interesting - there are now commercial grade exploits being
    offered for sale from companies!

       $995 http://www.immunitysec.com/CANVAS/
     $15000 http://www.coresecurity.com/products/coreimpact/index.php

    These packages are similar but include different exploits and framework
    so it would be hard to compare the two. Expect this short list (2) to
    grow to dozens in the coming years, including opensource/free versions
    I'm sure (but I hope not).

    jqp

    --- Frank Boldewin <frank.boldewin@gmx.de> wrote:
    > canvas has some 0day exploits and i think it is worth a buy,
    > but another good product is core impact.
    > they made a good product full of reliable exploits, for the
    > latest bugs in major daemons. it's not very cheap, but worth it
    > for what you might be searching for.
    >
    > cheers,
    > frank
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

