[Dailydave] Hacking Scalability

Dave Aitel dave at immunityinc.com
Thu Aug 27 14:17:38 EDT 2015

New INNUENDO Video is here: https://vimeo.com/137408741

Imagine you have hacked five hundred various boxes in some company that
happens to have a lot of industrial equipment spinning really fast for
some reason. And you want to group them automatically into which
physical rooms they are all in. So you tell them all: At 5:45pm everyone
listen to your microphones for 30 seconds. Then send that data back to
me. Then you see who has the same ambient noise, and group them all
together. So your operators come in the next day, and they have their
INNUENDO GUI (the new one is demoed in the video above) automatically
grouped and labeled for them.

That's the sort of advanced modeling you will do with INNUENDO that you
can't do with traditional penetration testing tools, and you can do it
securely, over DNS or Outlook or any number of other protocols.

The main difference is asynchronicity. Most penetration testing tools
focused their design on exploits, not exfiltration. But making
asynchronicity simple enough to use at any scale is extremely difficult.
This is what Miguel's GUI design is great at, and if you want to try it
out let me know and we can set up a trial of INNUENDO so you can run
your own tests. :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20150827/3db96766/attachment.sig>

More information about the Dailydave mailing list