Re: Lab leads??
From: H D Moore (hdm@secureaustin.com)Date: 10/18/01
- Previous message: Alfred Huger: "RE: 0-day exploit..do i hear $1000? - Dead Thread"
- In reply to: 'ken'@FTU: "Lab leads??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011018212626.11735.qmail@securityfocus.com> From: H D Moore <hdm@secureaustin.com> To: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>, pen-test@securityfocus.com Subject: Re: Lab leads?? Date: Thu, 18 Oct 2001 16:26:24 -0500
On Tuesday 16 October 2001 10:02 pm, franklin_tech_bulletins@yahoo.com wrote:
> Hello,
>
[ snip ]
> One idea I had is to create images of servers known to have holes,
> demonstrate the exploit, patch the hole, show it is fixed and then
> reimage the disk with the old hole. The imaging trick should work with
> different OS's as well. What do you think?
My company uses stacks of nice dual-proc rackmount machines each running
linux with 5 VMWare images. Managing the system is trivial via Xvnc and
SSH tunnels, images are stored locally in compressed format and on CD. For
the other 10% of targets that need special hardware (solaris sparc, hpux,
etc) we just make a backup image of their drives and restore as needed.
-- H D Moore http://www.digitaldefense.net - work http://www.digitaloffense.net - play---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
- Previous message: Alfred Huger: "RE: 0-day exploit..do i hear $1000? - Dead Thread"
- In reply to: 'ken'@FTU: "Lab leads??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
