Dailydave mailing list archives
The path
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 19 Aug 2014 10:27:16 -0400
Kit Dale likes to say he doesn't train particular BJJ moves per se, so much as a chain of moves that go from one side of the game to another. For example, an escape, then a transition to top position, then a pass, then a submission. Those of us in the infosec world would recognize this as an "Attack Chain". And we like to do this with our exploit releases too. That way it's not like you get just an exploit that will maybe get you onto a box or one that will get you root if you already happen to have a shell, but you get a full path from remote to root control. And ideally we try to supply a toolchain that provides persistence, data exfiltration, and the whole package. But this month instead we're releasing what I consider "point solution" additions, including the three already in CANVAS Early Updates. CVE-2014-1776 (cmarkup uaf) CVE-2014-4943 (pppol2tp local root) CVE-2014-3153 (Futex) One of the reasons we're concentrating on Linux Locals is we find that after doing a training on PHP exploitation, people naturally have a lot more shells on Linux systems. -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- The path Dave Aitel (Aug 19)