Home page logo
/

dailydave logo Dailydave mailing list archives

Gifts
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 21 Mar 2013 12:34:11 -0400

    Angel <http://en.wikipedia.org/wiki/Angel_%28Buffyverse%29>: And
    Buffy, be careful with this gift. A lot of things that seem strong
    and good and powerful, they can be painful.
    Buffy <http://en.wikipedia.org/wiki/Buffy_Summers>: Like, say...
    immortality?
    Angel: Exactly. I'm dying to get rid of that.

We put the 32 bit (or we will shortly) version of the PTRACE exploit
into CANVAS Early Updates. I know there are not a lot of 32-bit machines
around who need to be owned, but you never know. We also updated the 64
bit version, so if you already downloaded that, you'll want to update.


























    Also, we released a new CANVAS, and the best new exploit in it is
    the new Adobe Flash Regex exploit.

I know there's some sort of malware
<http://malwaremustdie.blogspot.ca/2013/02/cve-2013-0634-this-ladyboyle-is-not.html>that
uses this vulnerability but one of the advantages of using CANVAS is
that you get a working version of this exploit that AV's can't catch
(it's hard to build generic detection for this sort of thing). We've
done a ton of QA on it as well, and it does magic info-leaks and various
other tricks to do things properly. I know the team went back and forth
with a few strategies during the process of building it. It's fun to
watch - one of the small pleasures of the job.

















    '-dave











Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

  By Date           By Thread  

Current thread:
  • Gifts Dave Aitel (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault