Home page logo

dailydave logo Dailydave mailing list archives

Re: Faster, smashter.
From: Halvar Flake <halvar () gmx de>
Date: Tue, 09 Dec 2008 11:10:20 +0100

Hey all,

It seems that discussions in ITsec are periodic -- the same discussions and
same arguments come up again and again.

1. Of course attackers use new vulnerabilities. It is the nature of offense.
Defense is done "to the maximum of current knowledge". Offense, by it's
nature, has to expand on the status quo.

2. How do you simulate an attack with a new vulnerability if you don't
have one ?

Well, military folks do wargames all the time without actually using up
the arsenal
they have on the shelves. Network attacks should probably be done in a
manner -- have an umpire, and give the attacking team a few "0day
cards". With these
cards they get high-probability code execution for a piece of software
of their choice.

The pentest then proceeds like a game, but can be conducted on the real
network, too.

But I am repeating myself ...

Dailydave mailing list
Dailydave () lists immunitysec com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]