lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Apr 2004 14:56:23 -0700 (MST) From: Bill Nash <billn@...ln.net> To: Sudhakar-bugtraq Govindavajhala <sudhakar+bugtraq@...Princeton.EDU> Cc: bugtraq@...urityfocus.com Subject: Re: Multi stage attacks on networks? On Thu, 29 Apr 2004, Sudhakar-bugtraq Govindavajhala wrote: > I am a Ph.D. student studying network security at Princeton > University. I am trying to see if attacker can use a series of > vulnerabilities to take over a particular resource. Has there been prior > work on this topic earlier? Can someone give me a real example where the > adversary actually uses a series of vulnerabilities to break into a > resource? > > May be he uses the webserver in DMZ and then uses it to get access > to fileserver and then uses it to compromise something else? Almost any compromise is conducted in this manner. I can't think of any single compromise that didn't start at one point and then turn into a romp through more vulnerable resources. Dig around for horror stories of IP capable printers configured with default gateways and default admin passwords. Another example would be the use of worm style backdoor infections used as launchpads for more nefarious hilarity. Go, go, gadget google. - billn
Powered by blists - more mailing lists