mailing list archives
Re: DEP, HardWare Virtualization VM , 64 bit O/S
From: HD Moore <hdm () metasploit com>
Date: Tue, 08 Jun 2010 11:51:12 -0500
On 6/8/2010 7:31 AM, levene10 wrote:
I cant help but ran through some of the standard security features of new
standard cpus and modern windows operating systems...( vista & 7 )
Which exploits and payloads of metasploit framework try to circumvents
I believe none , since all your buffer overflows, heap / stack corruptions
have to choose the NoNx platform (a joke) to exploit, the framework has no
rootkits explits which 64bit windows and VM have effective containment..
I am starting to get confused..
Kindly point out briefly metasploit framework's abilities to exploit new
If you can point out public exploit code for these systems we would be
happy to port them to Metasploit. Most of the time, the work required to
make these exploits work on DEP/ASLR/64-bit (when possible) is time
consuming and results in an exploit that is not reliable even in the
best case scenario.
You can see some examples for MS08-067 and some of the client-side
exploits, but the fact is these types exploits are slowly dying. That is
why you see an increase in coverage for logic flaws, command injection,
and authentication bypass vulnerabilities.