金曜日, 9月 02, 2011
(InfoSec) Exploit Database - Two Sided Blade
Exploit code is the window of the vulnerability, the spear of attack, used by attacker to penetrate a vulnerable system. I always conduct real time monitoring of exploit info as one of habit in my work; at the time exploit disclosed and exposed in public, from zerodays status until patched and the CVE number issued, watching it went to metasploit and the last thing to look ever is the exploit database sites..
I used to collect the proof of concept related to the common exploit information in order to make a security asassment for some systems for its security liability by comparing new exploit to the old one and for this purpose exploit database is very useful. And I am talking about the exploit database site like packetstormsecurity.org , exploit-db.com , 1337day.com , exploit-id.com et cetera.. These sites are collecting the exploit codes as a database of PoC, like you can see it in this URL.
Recently, instead to park those PoC, these sites exposed new vulnerabilities too, like zerodays exploits (SQLi/XSS/CSRF) related to the WebAppsand CMS systems like WordPress or Joomla! .. and down to the multi platform exploit of the shellcode levels. Some changes for its status..
Regardingly, I discover by monitoring these sites was the great numbers of backhats followers which are actively monitoring & contributing PoC codes is much larger than whitehat ones, which causing the exploit code after recorded exploit database sites can soon be found in the exploit pack or exploit kit in no time.
There is no such thing as secure system in the internet security world we know, but one of the idea is to control the exploit code flows in the minimum level of access to avoid its misused. Since the control system doesn't exist yet, but I believe by controlling these PoC access we can create much safer internet.
アドリアン・ヘンドリック ( Hendrik ADRIAN )
Sponsored by: 株式会社ケイエルジェイテック
Posted by unixfreaxjp at 7:00 午後