This makes me think about how companies like FinFisher provide a 30-day guarantee on their pwning tools. They have enough 0days to guarantee they'll have a working exploit within 30 days of one they're currently using being fixed.
Another fun one: pwn a Blackphone with a text message!
http://blog.azimuthsecurity.com/2015/01/blackpwn-blackphone-silenttext-type.html

.hc

Lee Azzarello:
> If you haven't seen the fantastic (!) logo for the latest panic room
> worthy C bug that will break the Internet into tiny bits which can
> never be assembled again, check this awesome write up.
>
> https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
>
> Of particular note is the PoC using the Exim email server. The author
> gets arbitrary code execution by sending a string to a public network
> port, which can determine the memory address of a specific piece of
> configuration data which is held in memory and when modified can open
> up an ACL in the mail server which unlocks the usage of a run()
> command which allows the user to run shell code!
>
> It's really impressive, though I do not believe it allows privilege
> escalation.
>
> -lee
> _______________________________________________
> Guardian-dev mailing list
>
> Post: [email protected]
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: [email protected]
> Or visit:
> https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>
> You are subscribed as: [email protected]

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
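For anyone following the GHOST thread above who wants to know whether a given box is affected before worrying about the Exim PoC: the practical check is to call gethostbyname_r() with an all-digits name sized so that the flawed size computation in unpatched glibc writes past the caller's buffer, and watch an adjacent canary. The program below is an added example written for this thread, not code from the list or from Qualys; it follows the buffer/name sizing of the checker published in the Qualys advisory but is my own implementation, and the `ghost_check` name and the `probe` struct are my inventions. On a patched glibc the call fails with ERANGE and the canary survives; on a non-glibc libc (e.g. musl) the oversized name is simply rejected and the canary also survives.

```c
/* Added example (not from the original thread): GHOST (CVE-2015-0235)
 * self-test.  It hands gethostbyname_r() an all-digits name whose length is
 * chosen so that the buggy size check in unpatched glibc passes while the
 * copy overruns the buffer by a few bytes, which lands on the canary. */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Buffer given to gethostbyname_r, followed immediately by a canary so that
 * an overflow of even a few bytes is observable (hypothetical layout). */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} probe;

/* Returns 1 if the canary was clobbered (libc affected by GHOST), 0 if it
 * survived.  *retval receives gethostbyname_r()'s return value so callers
 * can tell the expected ERANGE from other outcomes. */
int ghost_check(int *retval)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    /* Name length as in the advisory's test: the buffer minus the space the
     * (buggy) size check accounted for, i.e. one in6_addr, two pointers and
     * the terminating NUL; the missing pointer is what overflows. */
    size_t len = sizeof(probe.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    char name[sizeof(probe.buffer)];

    memset(probe.buffer, 0, sizeof(probe.buffer));
    memcpy(probe.canary, CANARY, sizeof(CANARY));
    memset(name, '0', len);          /* all digits: takes the numeric path */
    name[len] = '\0';

    *retval = gethostbyname_r(name, &resbuf, probe.buffer, sizeof(probe.buffer),
                              &result, &herrno);

    return strcmp(probe.canary, CANARY) != 0;
}

int main(void)
{
    int rv = 0;
    if (ghost_check(&rv)) {
        puts("vulnerable: canary overwritten by gethostbyname_r");
        return 1;
    }
    if (rv == ERANGE)
        puts("not vulnerable: gethostbyname_r returned ERANGE");
    else
        printf("canary intact, gethostbyname_r returned %d "
               "(non-glibc libc or name rejected before the copy)\n", rv);
    return 0;
}
```

Compile with `cc ghost_check.c -o ghost_check` and run it on the host in question; the result only tells you about the libc the binary was linked against, so a statically linked build tests the build machine's glibc, not the target's.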
