
 

Welcome to the Virus.Org Mailing List Archive




Re: [Dailydave] Faster, smashter.

  • To: Dragos Ruiu <[EMAIL PROTECTED]>
  • Subject: Re: [Dailydave] Faster, smashter.
  • From: Halvar Flake <[EMAIL PROTECTED]>
  • Date: Tue, 09 Dec 2008 11:10:20 +0100
  • Cc: [EMAIL PROTECTED], Dave Aitel <[EMAIL PROTECTED]>
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
 
Hey all,

It seems that discussions in ITsec are periodic -- the same discussions and
same arguments come up again and again.

1. Of course attackers use new vulnerabilities. It is the nature of offense.
Defense is done "to the maximum of current knowledge". Offense, by its
nature, has to expand on the status quo.

2. How do you simulate an attack with a new vulnerability if you don't
have one?

Well, military folks do wargames all the time without actually using up
the arsenal they have on the shelves. Network attacks should probably be
done in a similar manner -- have an umpire, and give the attacking team a
few "0day cards". With these cards they get high-probability code
execution for a piece of software of their choice.

The pentest then proceeds like a game, but can be conducted on the real
network, too.

But I am repeating myself ...

Cheers,
Halvar
_______________________________________________
Dailydave mailing list
[EMAIL PROTECTED]
http://lists.immunitysec.com/mailman/listinfo/dailydave

 