[Dailydave] RomPager

Dave Aitel dave at immunityinc.com
Thu Mar 12 09:23:54 EDT 2015


https://vimeo.com/121925542 - The RomPager bug done up for CANVAS Users!

I want to point out always that only writing the exploit gets you the
ground truth about bugs. Until you have done that, it is all
insinuations and rumors. Sometimes only USING the exploit in the wild
tells you if it will really work. That's why hackers are always like
"This worked in the wild". That's a real thing. It's not boasting so
much as just /the most useful kind of information/. The lab Windows
domain setup is not at all the same as a random box out there running so
much crapware that nearly every part of it has been replaced, like the
guy in the new Robocop movie who has to rediscover his humanity in some
sort of twisted allegory about the USA discovering its own humanity in
an age of intelligence-driven drone-war.

You know how with fortune cookies it's typical to add "in bed" to the
end of the fortune? With security products it's normal to add "Except
when it doesn't" to the end of all their claims. IPS protects you from
network attacks? Except when it doesn't. AV blocks malicious 0days using
advanced heuristics? Except when it doesn't. And so on. :)

Figuring out that edge case can only be done not just with an
"offensive mindset" - but in general, by actually doing the offensive
work so many people think is beneath them.

-dave
(P.S. Coming to INFILTRATE is a good idea.)