Home page logo

dailydave logo Dailydave mailing list archives

Still relevant after all these years...
From: Dave Aitel <dave () immunityinc com>
Date: Mon, 29 Dec 2008 12:24:59 -0500

Hash: SHA1

Seems like it was just last year we were announcing the availability
of D2's exploit pack, getting PINK ready for delivery, and wishing
there was a remote on XP SP2. This year, of course, we will still be
getting PINK ready for delivery, but we do have remotes on XP,
finally, thanks to MS08-001 and (more reliably) MS08-067. Hooray for

Largely I track how hacking changes through coursework. It used to be
that installing and using kernel rootkits would require quite a lot of
explanation. Now it's double-click away. PHP web application exploits
remain super-important as buffer overflows faded as a way to get onto
Linux machines. Originally we used to spend a lot of time on
shellcode, whereas now the shellcode libraries are big enough that
there's something for almost every situation, usually wrapped in
VisualSploit so I don't have to even go into how to use it from an API.

Like every year, the best vulnerabilities were 0day that got
discovered by someone not being careful enough, hackers are still
relevant, and offense is still in a winning position.

Happy New Year Everyone!
- -dave
(for those of you interested in actually USING VisualSploit to learn
to write overflows...)
Unethical Hacking Offering
January 12-16, 2009: Duration: 5 days Cost: $5000 per person. Class
taught at Immunity's Miami Beach HQ. Includes a CANVAS license. Email
admin () immunityinc com for more information.
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]