Penetration Testing mailing list archives

Re: Different methods of obtaining exploits

From: "Ali Akbar" <aakbar19 () gmail com>
Date: Sat, 28 Jan 2006 21:47:11 -0000

On Fri, 27 Jan 2006 01:45:43 -0000, yawgmoth7 <yawgmoth7 () gmail com> wrote:

I've always wondered about this, I do not know why. But just the
different ways that pen-testers get their exploits/vullnerabilities. I
think it would go something like this:
50% From online security sites
25% Find their own
25% From their friends

Have I left any out? If so, go ahead and add it, this is just about
what I think it would be. This has always interesting me for some
reason.

See ya
--
gurusnetwork.org
Gurus'Network - Are you a guru?

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your

website. Up to 75% of cyber attacks are launched on shopping carts,forms,login pages, dynamic content etc. Firewalls, SSL and locked-down serversarefutile against web application hacking. Check your website forvulnerabilitiesto SQL injection, Cross site scripting and other web attacks beforehackers do!

Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Hi

"25% find their own" does that mean they search arbitrarily? And/or doesit mean making their own? Anyways, if your point was ment for the latterdescription, then I think the list is rational! I mean how else someonewould obtain an exploit if it was not from a database/site, or makingtheir own, or receiving it from someone?!


--
Ali Akbar | aakbar19 () gmail com

------------------------------------------------------------------------------

Audit your website security with Acunetix Web Vulnerability Scanner:Hackers are concentrating their efforts on attacking applications on yourwebsite. Up to 75% of cyber attacks are launched on shopping carts, forms,login pages, dynamic content etc. Firewalls, SSL and locked-down servers arefutile against web application hacking. Check your website for vulnerabilitiesto SQL injection, Cross site scripting and other web attacks before hackers do!Download Trial at:


http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Different methods of obtaining exploits yawgmoth7 (Jan 28)
- Re: Different methods of obtaining exploits Ali Akbar (Jan 30)
- RE: Different methods of obtaining exploits security (Jan 30)
- Re: Different methods of obtaining exploits FocusHacks (Jan 30)
- Re: Different methods of obtaining exploits Dharmendra (Jan 31)
- Re: Different methods of obtaining exploits Roman Medina-Heigl Hernandez (Jan 31)
- <Possible follow-ups>
- Re: Different methods of obtaining exploits barcajax (Jan 30)