mailing list archives
Re: Faster, smashter.
From: Halvar Flake <halvar () gmx de>
Date: Tue, 09 Dec 2008 11:10:20 +0100
It seems that discussions in ITsec are periodic -- the same discussions and
same arguments come up again and again.
1. Of course attackers use new vulnerabilities. It is the nature of offense.
Defense is done "to the maximum of current knowledge". Offense, by it's
nature, has to expand on the status quo.
2. How do you simulate an attack with a new vulnerability if you don't
have one ?
Well, military folks do wargames all the time without actually using up
they have on the shelves. Network attacks should probably be done in a
manner -- have an umpire, and give the attacking team a few "0day
cards". With these
cards they get high-probability code execution for a piece of software
of their choice.
The pentest then proceeds like a game, but can be conducted on the real
But I am repeating myself ...
Dailydave mailing list
Dailydave () lists immunitysec com
Re: Faster, smashter. rauc (Dec 09)