Open Source and information security mailing list archives
 
Message-ID: <200307220325.h6M3PVk18016@netsys.com>
From: johnqpublic2323 at mailvault.com (John Q Public)
Subject: Re: exploits, good exploits

0ddly, I didn't get a copy of the original message in my inbox - but I
have a few things to say about this thread.  First off, if you are
getting your exploits at public distribution sites such as:

 http://packetstormsecurity.nl/exploits20.shtml
 http://www.k-otik.com/exploits/
 http://www.securiteam.com/exploits/
 etc..

then you are already *several* steps behind the curve.  Climbing up the
chain, you will see release points such as exploit authors/groups
websites.  Higher still, you have private exploit distribution networks
such as trading in IRC channels and private mailing lists (I run a
private 0day mailing list myself, less technical than 0daydigest but
more action).  In these cases the way you get involved is if you
contribute something - you need to offer something new.  Beyond the
aforementioned, you pretty much just have the exploit developers
themselves.  My recommendation is learn to find your own bugs and write
your own code.

Though, it's interesting - there are now commercial grade exploits being
offered for sale from companies!

   $995 http://www.immunitysec.com/CANVAS/
 $15000 http://www.coresecurity.com/products/coreimpact/index.php

These packages are similar but include different exploits and framework
so it would be hard to compare the two.  Expect this short list (2) to
grow to dozens in the coming years, including opensource/free versions
I'm sure (but I hope not).

jqp

--- Frank Boldewin <frank.boldewin@....de> wrote:
> canvas has some 0day exploits and i think it is worth a buy,
> but another good product is core impact.
> they made a good product full of reliable exploits, for the
> latest bugs in major daemons. it's not very cheap, but worthy
> for that what u might searching for.
> 
> cheers,
> frank
>
