yo, (just some additional info)
if someone is bored enough to do some additional analysis/reading: - http://cawanblog.blogspot.com/2015/02/misfortune-cookie-cve-2014-9222.html or my own adventure with some awkward hardware hacking (refers to other bug though but vendor stays the same): - http://piotrbania.com/all/articles/tplink_patch/ - pb On Thu, Mar 12, 2015 at 2:23 PM, Dave Aitel <[email protected]> wrote: > https://vimeo.com/121925542 - The RomPager bug done up for CANVAS Users! > > I want to point out always that only writing the exploit gets you the ground > truth about bugs. Until you have done that, it is all insinuations and > rumors. Sometimes only USING the exploit in the wild tells you if it will > really work. That's why hackers are always like "This worked in the wild". > That's a real thing. It's not boasting so much as just the most useful kind > of information. The lab Windows domain setup is not at all the same as > random box out there running so much crapware that nearly every part of it > has been replaced, like the guy in the new Robocop movie who has to > rediscover his humanity in some sort of twisted allegory about the USA > discovering its own humanity in an age of intelligence driven drone-war. > > You know how with fortune cookies it's typical to add "in bed" to the end of > the fortune? With security products it's normal to add "Except when it > doesn't" to the end of all their claims. IPS protects you from network > attacks? Except when it doesn't. AV blocks malicious 0days using advanced > heuristics? Except when it doesn't. And so on. :) > > Figuring out that edge case can only be done with not just with an > "offensive mindset" - but in general, by actually doing the offensive work > so many people think is beneath them. > > -dave > (P.S. Coming to INFILTRATE is a good idea.) > > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave > -- -------------------------------------------------------------------- Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 -------------------------------------------------------------------- - "The more I learn about men, the more I love dogs." _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
