[Dailydave] The Many Flavors of MITM

dave aitel dave at immunityinc.com
Fri Oct 28 13:10:42 EDT 2016


One thing I always look for in the IR reports I read is whether or not
anyone out there has the same kind of advanced methodology for MITM that
QUANTUM and other EQGRP tools represent. There are a lot of different
ways to do MITM. You can be close (like SILICA with Wireless attacks) or
far (SQLi in major web sites doing directed watering hole attacks) or on
the side (DNS/Naming system attacks). Sometimes MITM is a race and
sometimes it's straightforward. But there are clearly two types of
predator societies on the Internet: Ones that eat mostly out of the
overflowing bonanza of a bug surface trough provided by MITM, and people
who still do phishing.

Immunity saw this many years ago, and has been crawling towards having a
good MITM framework ever since. This is a very subjective term, since
usually until you've exploited a ton of MITM bugs you don't realize what
you want in that framework. The very latest INNUENDO
<http://www.immunityinc.com/products/innuendo/> 1.6.1 (released today!)
has a lot of scalability fixes, but also unleashes the sniffer module
into the Python executor framework we've built up. This is the first
toehold on the whole MITM universe.

I don't know what the word is for the kind of thing this
MITM-focused-exploitation is. It's not "Bug Class". It's not "Attack
Surface". It's something more encompassing. Bug Galaxy? Someone wake up
Halvar and ask him.

Also: Don't forget to submit your talks to INFILTRATE! 
(http://opencfp.immunityinc.com/)

-dave
