Hi Aviv/Pukhraj others:
As security professionals and researchers, our aim is to provide
more in-depth information on intrusion (security) aspects, for
example, some virus outbreak, new Windows vulnerability etc. Aviv is
right by saying that signatures should match the vulnerability, not
And you tell me how many of these variants you will actually find in
the wild. Won't be a significant number I bet.
Cheers!
Pukhraj
On 9/27/06, avivra [EMAIL PROTECTED] wrote:
Hi,
i.e. I can't afford to buy specialized security tools/devices for
specialized attacks unless my company
.
-Original Message-
From: Pukhraj Singh [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 28, 2006 7:37 AM
To: avivra
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures
Sanjay, It's not that bad as it sounds. This whole discussion was in the context of client-side scripting attacks and how commercial IPS/IDS solutions tackle them (and I am talking about the best-of-the-breed here, not confined to India). I wanted to show some disbelief on the fact as to how
Hi,
i.e. I can't afford to buy specialized security tools/devices for
specialized attacks unless my company relies heavily on web/content
services.
So, you will buy specialized security tools like firewall or
Anti-Virus, but not web content filtering tool?
In our company, we established a
The code for exploiting the unpatched VML vulnerability is in-the-wild
for a week or so. This was enough time for Anti Virus, IPS/IDS and
other reactive security products' vendors to create a signature for
the in-the-wild exploit.
So, I put my hand on one of the in-the-wild and tested it using
Nice work Aviv! All of these methods, along with a few extras, are
implemented in the Metasploit 2.6 version of this module. Last I checked,
not a single AV or IPS could pick it up. This module should work on every
version and service pack of Windows.
Has anyone tested these against the (very) recent MS patch?
-JP
On 9/26/06, H D Moore [EMAIL PROTECTED] wrote:
Nice work Aviv! All of these methods, along with a few extras, are
implemented in the Metasploit 2.6 version of this module. Last I checked,
not a single AV or IPS could pick it up.
Hi,
There are gateway solutions out there which implement sort-of lexical
parsers (e.g. www.esafe.com, www.webwasher.com, www.finjan.com).
Also, there is no way to gather the maximum number of exploit variants as
you can. Because, by using server side scripting to randomize the exploit's
Aviv, There are gateway solutions out there which implement sort-of lexical parsers (e.g. www.esafe.com, www.webwasher.com, www.finjan.com). Isn't it wonderful that we got these wonderful technical solutions? But without even arguing the technical capabilities of the above-mentioned
H D Moore wrote:
Nice work Aviv! All of these methods, along with a few extras, are
implemented in the Metasploit 2.6 version of this module. Last I checked,
not a single AV or IPS could pick it up. This module should work on every
version and service pack of Windows.
Avivra,
I acknowledge the research you and Ertunga
(http://www.immunitysec.com/pipermail/dailydave/2006-September/003557.html)
have put up.
Protection against client-side scripting vulnerabilities is the
Achilles' Heel for all network-style IDS/IPS vendors. These languages
offer too much
12 matches