[Full-disclosure] RE: Publishing exploit code - what is it good for

From: James C Slora Jr (Jim.Slora_at_phra.com)
Date: 06/30/05

  • Next message: Thomas Reinke: "[Full-disclosure] Re: Publishing exploit code - what is it good for"
    To: "'Aviram Jenik'" <aviram@beyondsecurity.com>
    Date: Thu, 30 Jun 2005 13:50:32 -0400
    
    

    I have used public exploits for:

    1. Verifying that the manufacturer's recommendations have been followed and
    that they work. This was invaluable in the first few rounds of Microsoft RPC
    patches a couple of years ago - some patches appeared to have installed
    correctly but the machines were still vulnerable. They would not have been
    patched successfully without exploit testing. Yes, the public exploit code
    helped lead to widespread malware outbreaks, but those first few bugs were
    so blatant that black hats could exploit them easily anyway and the
    outbreaks still would have happened. Witness the continuing success of those
    vectors. The public exploits at least let us test to see if we were
    prepared.

    2. Developing methods to detect the exploits.

    3. Understanding the exploitation process better. This way I can make the
    hard sell on taking systems off line for patching with the appropriate
    urgency.

    4. Blocking appropriate attack vectors (and thinking of other potential
    vectors), and making sure the attacks don't get through.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

