Nmap Development mailing list archives

GSoC 2012 Project - Vulnerability and exploitation specialist


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 23 Mar 2012 22:36:06 +0100

Hi,

I am Aleksandar Nikolic, a final year Computer Science student at the
Faculty Of Technical Sciences, University of Novi Sad.
I have certain experience in vulnerability and exploit research, and
would like to apply for a position of a Script developer - Vulnerability
and exploitation specialist in the following Google Summer Of Code.
Since student applications haven't started yet I won't talk a lot about
myself now, but guidelines from Google suggest to try to contact the
community and possibly discuss the project.

In an attempt to prepare for the application and to get familiar with
nmap's scripting engine I wrote a script to test for the recent Windows
RDP vulnerability. Everybody is talking about the vulnerability and
until today I was unaware of a way to check if a machine is vulnerable
or not without causing the BSoD. My script is based on work by sleepya.
His tests are crafted in a way that would avoid triggering the BSoD.
Please see the attached code for details.

Of course, this script would need to be thoroughly tested, but my tests
have shown that it works, at least on Windows XP. Also, I've just
started playing with NSE and wanted to share this with you since it is
a hot topic currently. Please let me know if I should make some
improvements. I hope that you will find it useful.

On topic, do you have any suggestions for me regarding the application
for this position?


Thank you,
Aleksandar Nikolic

Attachment: rdp-ms12-020.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
