[Dailydave] With a real team, it's not about the numbers

Dave Aitel dave at immunityinc.com
Tue May 1 10:05:41 EDT 2012

I find articles like the recent one in Forbes <http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/> quite funny in a way - and likewise talks about "rootite" and bug mining and so forth. Part of this is because philosophically I know that teams who focus on the money tend to lose. Obviously you need a lot of money to get things done in this industry, but I think it's a slippery slope from that to looking for where the money really is, which is defense <http://immunityinc.com/infiltratemovies/movies/andrewcushman_keynote.mp4>. 

And when you're doing defense, you're not writing exploits, you're creating "security tests". You're not as concerned with "where will this exploit get me" so much as meeting this month's exploit quota. "How many checks do you have?" is the kind of customer you're competing for.

This month CANVAS released one exploit. And that one exploit in Samba is worth more to me than a hundred "security tests" in random bits of Microsoft software no one interesting has ever installed. [1] 

You can see it in action here, or if you have CANVAS, you can download it as of last night. 

[1] As a side note, you'll notice none of the static analysis companies can find this bug. 
[2] Also you should read Kostya's blog post <http://expertmiami.blogspot.com/2012/05/skype-does-away-with-random-supernodes.html> today just because it's in English.

INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20120501/160a1ffe/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20120501/160a1ffe/attachment.sig>

More information about the Dailydave mailing list