I have used public exploits for:

1. Verifying that the manufacturer's recommendations have been followed and that they work. This was invaluable in the first few rounds of Microsoft RPC patches a couple of years ago - some patches appeared to have installed correctly but the machines were still vulnerable. They would not have been patched successfully without exploit testing. Yes, the public exploit code helped lead to widespread malware outbreaks, but those first few bugs were so blatant that black hats could exploit them easily anyway and the outbreaks still would have happened. Witness the continuing success of those vectors. The public exploits at least let us test to see if we were prepared.

2. Developing methods to detect the exploits.

3. Understanding the exploitation process better. This way I can make the hard sell on taking systems off line for patching with the appropriate urgency.

4. Blocking appropriate attack vectors (and thinking of other potential vectors), and making sure the attacks don't get through.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
