There's a pretty good demo here of a Lotus Domino (8.5 FP1 at least) 0day - http://intevydis.com/lotus_diiop.html . I"m not sure what the market penetration of Lotus Domino is these days, but most large enterprises probably have it.
Tests using 0day like this are a great way to test two things:
* Your secondary defense mechanisms: aka, IPS, IDS, AV, HIPS, etc.
* Your Incident Response team. Testing a team in a controlled
environment against something they've never seen before is hard to
do without 0day.
On the other hand, I assume most IR teams are busy enough they don't
have time for testing. :>
-dave
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
