Dailydave mailing list archives

Re: Faster, smashter.

From: Dave Aitel <dave () immunityinc com>
Date: Tue, 09 Dec 2008 09:45:23 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One technique we're doing this week with a client is taking an attack
tree and marking it up with dollar values. I.E. if you wanted to buy
an 0day in X component, how much would it cost?

This then is a simple summation to produce a "how much is it to get
into the internal network from the internet" which the business can
use to help them decide yay/nay on the project as a whole depending on
their own view of the threat and the value of the information they are
protecting.

- -dave


Halvar Flake wrote:

Hey all,

It seems that discussions in ITsec are periodic -- the same
discussions and same arguments come up again and again.

1. Of course attackers use new vulnerabilities. It is the nature of
offense. Defense is done "to the maximum of current knowledge".
Offense, by it's nature, has to expand on the status quo.

2. How do you simulate an attack with a new vulnerability if you
don't have one ?

Well, military folks do wargames all the time without actually
using up the arsenal they have on the shelves. Network attacks
should probably be done in a similar manner -- have an umpire, and
give the attacking team a few "0day cards". With these cards they
get high-probability code execution for a piece of software of
their choice.

The pentest then proceeds like a game, but can be conducted on the
real network, too.

But I am repeating myself ...

Cheers, Halvar _______________________________________________
Dailydave mailing list Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJPoSCtehAhL0gheoRAqofAJ0Yvic/Ro6dRr+xWLavp+DizANyAACfWUXc
JRFeXEvy4EJeg5gkuXxC2ZU=
=6PWU
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Faster, smashter. Dave Aitel (Dec 08)
- Re: Faster, smashter. Fisher, Dennis (Dec 08)
  - Re: Faster, smashter. Dragos Ruiu (Dec 08)
    - Re: Faster, smashter. Halvar Flake (Dec 09)
    - Re: Faster, smashter. Dave Aitel (Dec 09)
    - Re: Faster, smashter. Rafal @ IsHackingYou.com (Dec 09)
    - Re: Faster, smashter. dan (Dec 09)
    - Re: Faster, smashter. Marc Maiffret (Dec 10)
    - Re: Faster, smashter. Halvar Flake (Dec 09)
    - Re: Faster, smashter. security curmudgeon (Dec 09)
    - Re: Faster, smashter. Jon Passki (Dec 09)
- Re: Faster, smashter. rauc (Dec 08)