Home page logo

dailydave logo Dailydave mailing list archives

Re: Stuff you might have missed in the CANVAS Ecosystem
From: "Mohammad Hosein" <mhtajik () gmail com>
Date: Tue, 14 Oct 2008 20:39:43 +0330

well ,
as much as i love one-click stuff ( which are by the way available on the
wild side of the game . Russian Brothers , cool people from China ,
dangerous underground Romanian and Brazilian Crews , Hello! ) i have to
bring up this issue now that its on the list
the licensing model and price of these packs are really far away from what
individuals and freelancers can afford . anyone else here thinks the same ?

On Tue, Oct 14, 2008 at 8:05 PM, Dave Aitel <dave () immunityinc com> wrote:

Hash: SHA1

D2's latest exploit pack has a couple cool tools in it:
1. a malicious PDF file creator
2. a malicious Java Applet

If you're doing client side penetration tests, sometimes no exploit is
the best exploit. Both of these are "one click to own" things.
Immunity uses the D2 pack against our clients when we do penetration
tests. No one can write everything!

And of course Gleg continues to produce interesting remotes in things
like J2EE servers. Luckily no one uses those, right? At this point
they have 280 additional modules for CANVAS which almost doubles the
size of CANVAS's standard exploit modules.

And there are more third-party packs on the way! The value of these
tools is in the content built on top of them.

- -dave
(hahaha () me at using the word ecosystem. Such a Microsofty word!)
P.S. Everyone should have the cojones to post their static analysis
responses to the list!
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Dailydave mailing list
Dailydave () lists immunitysec com

Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]