Comments on: ToorCon 9 – Day 0 and 1 http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/ top secret/secure computing information Sun, 27 Mar 2011 12:47:22 -0500 http://wordpress.org/?v=2.8.6 hourly 1 By: Jason Medeiros http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/comment-page-1/#comment-2395 Jason Medeiros Tue, 13 Nov 2007 17:13:21 +0000 http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/#comment-2395 Yeah, i've been getting a lot of skepticism lately about it. I had the code with me and was trying to show everyone how its completely modular and blah blah blah, but no one wanted to see code. Everyone was too occupied with drinking, so i just went along with that plan. Either way we're planning a commercial release soon enough and instead of it just generating exploit source code, it generates multi-payload exploit modules that sit in an exploit list, which is usable for pentests (kinda like Core etc). Its sweet. if you're ever in San Diego and wanna come have a look, give me an email and we'll go catch a beer or something. I'm always down to demonstrate for the non-believers. Hehe. Cheers~ Jason Yeah, i’ve been getting a lot of skepticism lately about it. I had the code with me and was trying to show everyone how its completely modular and blah blah blah, but no one wanted to see code. Everyone was too occupied with drinking, so i just went along with that plan. Either way we’re planning a commercial release soon enough and instead of it just generating exploit source code, it generates multi-payload exploit modules that sit in an exploit list, which is usable for pentests (kinda like Core etc). Its sweet. if you’re ever in San Diego and wanna come have a look, give me an email and we’ll go catch a beer or something. I’m always down to demonstrate for the non-believers. Hehe.

Cheers~
Jason

]]> By: Marcin http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/comment-page-1/#comment-2048 Marcin Tue, 23 Oct 2007 05:55:28 +0000 http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/#comment-2048 I read the paper, and I wished that Larry would have included more information. To me, the information doesn't say anything because it doesn't relate to how these applications are being used. Using a default scan mode on these applications is like owning a Vette and never taking it over 3000rpm. I read the paper, and I wished that Larry would have included more information. To me, the information doesn’t say anything because it doesn’t relate to how these applications are being used. Using a default scan mode on these applications is like owning a Vette and never taking it over 3000rpm.

]]> By: Robert http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/comment-page-1/#comment-2046 Robert Tue, 23 Oct 2007 05:16:03 +0000 http://www.tssci-security.com/archives/2007/10/22/toorcon-9-day-0-and-1/#comment-2046 If you read Larry Suto's paper, NTOSpider had zero false positives and found more valid bugs than the others. Coverage just seem to be something that people picked up and seem to ignore other facts from the report. If you read Larry Suto’s paper, NTOSpider had zero false positives and found more valid bugs than the others. Coverage just seem to be something that people picked up and seem to ignore other facts from the report.

]]>