Aleksandar's status report #13 of 17

[Aleksandar Nikolic <nikolic.alek () gmail com>]

Hi all,

this is my status report for the last week.

Last week saw some improvements to http-slowloris which we
came up with while testing. As you may guess, testing this against a
live server is not a very good idea, so there were few issues with the
original
version. I've also added ssl support to the script.

Apart from that, I've written a ms10-054 vulnerability script.
Unfortunately, I was unable to find a way to test for this vulnerability
without
crashing the server, so the script is dangerous as it causes BSOD on
vulnerable machines.

This week in queue are another smb vulnerability, ms10-061, which I've
started working
on today. This is not a memory corruption vulnerability so it will be
possible to test for it
in a safe, although intrusive, way.
Next will be ssl-date script which should grab a date and time from the
server as many TLS
implementations include that in their initial ServerHello.

To everybody in Vegas this week, have a good time!

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/