Exploit_Research - Exploit research Keeping tabs on the...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Exploit research: Keeping tabs on the hacker underground Ed Skoudis 02.21.2008 Computer attackers are constantly innovating, improving their attack technology and business schemes. A key resource bad guys often rely on is the exploit techniques pioneered and shared by security researchers and people in the computer underground; a mixture of white hat and gray hat security pros. Vulnerability disclosure is a controversial topic with no shortage of opinions, but regardless of your personal stance, the reality is malicious hackers will use whatever information is available to them. That means security professionals should keep abreast of the latest exploits and attack techniques by carefully monitoring certain Web sites of researchers and the computer underground. Monitoring what they are working on today can help anticipate the techniques attackers will likely use tomorrow. To that end, let's look at some of the most valuable Web sites for understanding late-breaking attack techniques. The Metasploit Project : This Web site, written by security luminaries including H.D. Moore and the researcher known as Skape, not only distributes one of the most powerful free exploitation tools available today, but also hosts blog-like Metasploit news that describes some of the latest security research focused on exploiting all kinds of machines, including Windows, Linux and even Apple's iPhone. Secunia : Secunia is a company dedicated to providing its clients, as well as the public, with intelligence about the latest vulnerabilities in computer systems. Its free summaries of recently discovered flaws are among the most up-to-date anywhere, providing solid details about mitigating flaws if such defenses are available. One of the best aspects of Secunia's vulnerability
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/14/2011 for the course CPE 549 taught by Professor Sparks during the Fall '11 term at University of Alabama - Huntsville.

Page1 / 3

Exploit_Research - Exploit research Keeping tabs on the...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online