Penetration Testing mailing list archives

RE: Frameworks to exploit AV gw and Browser?

From: alessandro telami <admin () cyber-threats com>
Date: Thu, 1 Jan 2009 16:24:01 +0000


For the Client Browser you can try BeEF: 

http://www.bindshell.net/tools/beef



Cheers

Date: Wed, 31 Dec 2008 16:22:41 -0300
From: richard.k.miles () googlemail com
To: pen-test () securityfocus com
Subject: Frameworks to exploit AV gw and Browser?

Hi

A long time ago I remember I saw 2 nice projects, however (yes, I'm
dumb as hell) I never had put it into my bookmark.

One of this projects was a framework for client side "browser"
attacks. Where they had implemented a common evil web page which
detects technology the client use (java, flash, etc) and the browser
itself (IE, FF) and try different vectors of exploits which match.

Someone know this project? Or someone related?

off: please no metasploit stuff, since I already know about it.

The other, is something similar, but to test AntiVirus gateways, it
was a framework contain dozen of different evil payloads for different
antivirus. So we could test if we could compromise a AV gateway.
Anyone aware of the link of the project?

Thanks and happy new year


_________________________________________________________________
Get Windows Live Messenger on your Mobile
http://clk.atdmt.com/UKM/go/msnnkmgl0010000001ukm/direct/01/

Current thread:

RE: Frameworks to exploit AV gw and Browser? alessandro telami (Jan 03)
- Re: Frameworks to exploit AV gw and Browser? Richard Miles (Jan 03)
- <Possible follow-ups>
- Re: Frameworks to exploit AV gw and Browser? Joshua Gimer (Jan 03)
- Re: Frameworks to exploit AV gw and Browser? H D Moore (Jan 03)
  - Re: Frameworks to exploit AV gw and Browser? Richard Miles (Jan 05)
- Re: Frameworks to exploit AV gw and Browser? Patrick Webster (Jan 06)