Nmap Development mailing list archives
Re: [GSoC] Vulnerability and exploitation specialist
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 4 Mar 2015 12:40:41 -0600
Egon, Thanks for your interest! How many scripts to write depends greatly on your comfort level with Lua (a fairly easy language to learn) and the level of difficulty of the vulnerabilities you would target. For example, yesterday a vulnerability in phpMoAdmin was disclosed on the fulldisclosure mailing list [1]. Today, Xavier Martens published a NSE script taking advantage of it [2]. That's an impressive turnaround time, but it's a very simple bug, too. Some things are easy, but others are hard. Take a look at how GSOC students in that position in the past have dealt with it. For instance, Aleksandar Nikolic in 2012 [3]. [1] http://seclists.org/fulldisclosure/2015/Mar/19 [2] http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/ [3] https://www.google.com/search?hl=en&q=%22aleksandar%27s+status+report%22+site%3Aseclists.org%2Fnmap-dev%2F2012 On Tue, Mar 3, 2015 at 2:24 PM, Egon Stefán <donhekus () gmail com> wrote:
Hy everyone! I'm really intrested in that position, but i have some questions about it. How much scrpt to write in the summer? It depends on the recent vulnerabilities? Or i found a vulnerability on somewhere in the internet and i talk to with my mentor to write it? Thanks, Egon _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [GSoC] Vulnerability and exploitation specialist Egon Stefán (Mar 03)
- Re: [GSoC] Vulnerability and exploitation specialist Jacek Wielemborek (Mar 03)
- Re: [GSoC] Vulnerability and exploitation specialist Egon Stefán (Mar 04)
- Re: [GSoC] Vulnerability and exploitation specialist Daniel Miller (Mar 04)
- Re: [GSoC] Vulnerability and exploitation specialist Jacek Wielemborek (Mar 03)