Re: [GSoC] Vulnerability and exploitation specialist

[Daniel Miller <bonsaiviking () gmail com>]

Egon,

Thanks for  your interest! How many scripts to write depends greatly on
your comfort level with Lua (a fairly easy language to learn) and the level
of difficulty of the vulnerabilities you would target. For example,
yesterday a vulnerability in phpMoAdmin was disclosed on the fulldisclosure
mailing list [1]. Today, Xavier Martens published a NSE script taking
advantage of it [2]. That's an impressive turnaround time, but it's a very
simple bug, too.

Some things are easy, but others are hard. Take a look at how GSOC students
in that position in the past have dealt with it. For instance, Aleksandar
Nikolic in 2012 [3].

[1] http://seclists.org/fulldisclosure/2015/Mar/19
[2] http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/
[3]
https://www.google.com/search?hl=en&q=%22aleksandar%27s+status+report%22+site%3Aseclists.org%2Fnmap-dev%2F2012

On Tue, Mar 3, 2015 at 2:24 PM, Egon Stefán <donhekus () gmail com> wrote:

> Hy everyone!
>
> I'm really intrested in that position, but i have some questions about it.
> How much scrpt to write in the summer? It depends on the recent
> vulnerabilities? Or i found a vulnerability on somewhere in the internet
> and i talk to with my mentor to write it?
>
> Thanks,
>
> Egon
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/