Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures



H D Moore wrote:
> Nice work Aviv! All of these methods, along with a few extras, are
> implemented in the Metasploit 2.6 version of this module. Last I checked,
> not a single AV or IPS could pick it up. This module should work on every
> version and service pack of Windows.
>
> http://metasploit.com/projects/Framework/exploits.html#ie_vml_rectfill

You probably mean not a single network-based IPS :-)

There are quite a few host-based IPS systems that definitely stop the standard
Metasploit payloads.

Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


