Dailydave mailing list archives
Re: Stuff you might have missed in the CANVAS Ecosystem
From: Dean Pierce <piercede () pdx edu>
Date: Wed, 15 Oct 2008 15:57:22 -0700
If they even listed the affected software, wouldn't the vendor just buy
up the module and fix the 0day? It would be interesting to see a list
of older vulnerabilities, and maybe some mention their reliability just
to see how it stacks up against other exploitation frameworks.
Anyway, when you buy CANVAS, the most important thing you get is every
exploit they come up with for the next year, so not even the researchers
know what it is you are really buying.
- DEAN
Matthew Wollenweber wrote:
Dave/Gleg, Every now and then some exploits, such as the below really interest me and my team. But it would be helpful if announcements contained a bit more information. I know you have to balance disclosure but a couple things that might help: 1. What versions of the software are affected? 2. Is the software in a common or default configuration? 3. What security zone is required for the exploit to work? 4. The exploit enables remote code execution? 5. How reliable is the exploit (ballpark -- for example a buffer overflow you've never seen fail or a complicated heap corruption bug that sometimes works). For me, that's the basic information I want before purchasing an exploit and IMO I don't think it gives away enough to easily go look for the bug myself. On Tue, 2008-10-14 at 12:35 -0400, Dave Aitel wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 D2's latest exploit pack has a couple cool tools in it: 1. a malicious PDF file creator 2. a malicious Java Applet If you're doing client side penetration tests, sometimes no exploit is the best exploit. Both of these are "one click to own" things. Immunity uses the D2 pack against our clients when we do penetration tests. No one can write everything! And of course Gleg continues to produce interesting remotes in things like J2EE servers. Luckily no one uses those, right? At this point they have 280 additional modules for CANVAS which almost doubles the size of CANVAS's standard exploit modules. And there are more third-party packs on the way! The value of these tools is in the content built on top of them. - -dave (hahaha@me at using the word ecosystem. Such a Microsofty word!) P.S. Everyone should have the cojones to post their static analysis responses to the list! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI9MpUtehAhL0gheoRAtUeAJ9/PAR7t2MTDG3n/kb5REqFixELcQCbBb+H VEOK6SFmBQpLO5FXHpa/rcs= =4b/h -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave------------------------------------------------------------------------ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Stuff you might have missed in the CANVAS Ecosystem Dave Aitel (Oct 14)
- Re: Stuff you might have missed in the CANVAS Ecosystem H D Moore (Oct 14)
- Re: Stuff you might have missed in the CANVAS Ecosystem Mohammad Hosein (Oct 14)
- Re: Stuff you might have missed in the CANVAS Ecosystem Matthew Wollenweber (Oct 14)
- Re: Stuff you might have missed in the CANVAS Ecosystem Isaac Dawson (Oct 15)
- Re: Stuff you might have missed in the CANVAS Ecosystem Dean Pierce (Oct 15)
- Re: Stuff you might have missed in the CANVAS Ecosystem Mohammad Hosein (Oct 16)
- Re: Stuff you might have missed in the CANVAS Ecosystem Halvar Flake (Oct 16)