lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 30 Apr 2004 14:56:23 -0700 (MST)
From: Bill Nash <billn@...ln.net>
To: Sudhakar-bugtraq Govindavajhala <sudhakar+bugtraq@...Princeton.EDU>
Cc: bugtraq@...urityfocus.com
Subject: Re: Multi stage attacks on networks?




On Thu, 29 Apr 2004, Sudhakar-bugtraq Govindavajhala wrote:

> 	I am a Ph.D. student studying network security at Princeton
> University.  I am trying to see if attacker can use a series of
> vulnerabilities to take over a particular resource.  Has there been prior
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses  a series of vulnerabilities to break into a
> resource?
>
> 	May be he uses the webserver in DMZ and then uses it to get access
> to fileserver and then uses it to compromise something else?

Almost any compromise is conducted in this manner. I can't think of any
single compromise that didn't start at one point and then turn into a romp
through more vulnerable resources. Dig around for horror stories of IP
capable printers configured with default gateways and default admin
passwords. Another example would be the use of worm style backdoor
infections used as launchpads for more nefarious hilarity.

Go, go, gadget google.

- billn




Powered by blists - more mailing lists