Pantek Library

Re: exploits, good exploits

From: <dave(at)immunitysec.com>
Date: Mon Jul 21 2003 - 22:41:12 EDT
In-Reply-To: <001401c34fc3$bf811270$1f00a8c0@BADGUY>

Well, CANVAS has only one 0day exploit currently: It has a really nice remote in RealServer. I think having good 0day remotes is the only way to really test how an organization will react to a real intrusion. What's the point in testing your response systems if your reaction team can just search on GOOGLE to find out everything they need to know? So some new vulnerabilities do go into CANVAS - the IIS MediaServer bug was in CANVAS before it came out, for example.

In addition, certain bugs that have been released, such as the Microsoft RPC bug that just came out, or the IIS WebDav bug, get put into CANVAS long before the exploits become public. Even though the RPC bug is not "0day" - as they say, "It's 0day to you." If you're trying to convince your CIO to invest in patches or HIDS, or migration to Linux, you can use CANVAS to do so TODAY, and not wait for LSD to release their POC code. And you can do it with a command prompt on the mail server, which many CIOs find very convincing, instead of waiting for the inevitable Microsoft worm to disable your entire network.

Immunity also offers, for larger companies, a service where you can learn about other research Immunity has done, or is currently working on. This is as close to an "0day" service as anything in the market. A lot of this research is driven from Immunity's SPIKE protocol analysis suite (GPLed).

More information on the Immunity Vulnerability Sharing Club, Immunity CANVAS product, and SPIKE are available from http://www.immunitysec.com/.

Thanks,
Dave Aitel
CEO
Immunity, Inc.
"It's 0day to you." :>

>canvas has some 0day exploits and i think it is worth a buy,
>but another good product is core impact.
for the
>latest bugs in major daemons. it's not very cheap, but worthy
>for that what u might searching for.
<pen-test@securityfocus.com>
>Sent: Monday, July 21, 2003 8:18 PM
delivered to you before
>> they are delivered to anyone else??? Don't you think we all want that same
>> thing??
to lists as well..They
>to
>> have exploits delivered to them as soon as they're out in the wild..Get in
>> line
or something, where is
>> > possible to buy subscription for good (0day or something) exploits.
>> > How i can find in free resources (SecuriTeam, pulhas, security focus and
>> > others) it's only not very useful exploits (i don't speak about WebDav and
>> > MSSQLudp exploits).
hackers IRC channels?
>> >
>> >
>> > Gabriel Rain,





Received on Tue Jul 22 16:34:20 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:40 EDT

