Topic: Vulnerability Watch  (Read 5495 times)
delusion
« on: August 02, 2010, 07:17:13 AM »

Hey Guys,

Your regular scene whore here, just kidding hehe, bad joke, I hope to give back as soon as I have harboured more knowledge and have gained more experience in the industry.

Anyway, onto my question.  I have been reading around articles, which in short talk of security experts knowing which exploits are being used in the wild.  From my assumption, one would assume that they are reading various news articles, understanding the severity and the ease of the hack and then making assumptions on what is being used the most in the wild.

Now I have googled around for various resources and ultimately what I am looking for is a site which collects statistics on what is actually being exploited in the wild.  This is something I haven't been able to find.

Does anyone know if such resources exist?  I guess it would be hard to gauge as there isn't a true way to measure what exactly is being exploited, without hearing feedback from the unlucky folk who are being attacked.

So now I have typed this it sounds a little silly and I guess it's more to do with understanding the nature of the exploit, but if anyone is aware of a stats site, I would be more than interested in hearing about them.

You Can't Resolve Problems Whilst At WAR!
sil
« Reply #1 on: August 02, 2010, 08:04:11 AM »

The answer to this is sort of complicated and overblown... Complicated in the sense that usually, there are about a dozen reliable sites with hundreds butchering what the dozens are saying. Make sense?

There are sites like Malwarebytes (http://forums.malwarebytes.org/index.php?showforum=30) which try very hard but you have to understand the mechanisms of this for a moment:

1) It is mainly malware - however, most malware deployments exploit SOMETHING to get on the machine and continue on
2) The sampling is low in comparison to the actual amount of malware/exploits running around

Now... Sites like Arbor Networks, Shadowserver, groups like MAAWG and a few others have a lot more visibility by way of trending traffic. For example, if all of a sudden there is a spike in traffic to say port 888 right, there is no indicator of any new application using that port, this would be an indicator that something is obviously going on. Many groups have honeypots that will take that data, configure their honeypots to "conform" to become attackable, study what occurred and there you now have it... An instant write up of an "exploit in the wild."

Sometimes people just stumble upon them as well. Rewind to six years ago... I was cleaning up two seriously infected laptops and swore up and down they were each infecting each other via IRFTP. I posted it to a list, spoke with people offlist and dealt with it.  (http://osdir.com/ml/security.vulnerabilities/2004-12/msg00002.html) Long ago were the days when disclosure meant appreciation from vendors to a degree. Nowadays, it's turning more and more into "exploits in the wild" because researchers are fed up with companies taking forever and a day to post fixes, conclusion, less reporting, more serious "exploits in the wild."

Want to catch them on your own? Set up some honeypots and make them believable. I suggest if you do, search for terms like "Fred Cohen" +deception +honeypot, etc., to find seriously detailed writeups on how to create effective honeypots. I guarantee you that the amount of "exploits in the wild" you can ever dream about will be launched against your honeypot. The problem is... Now what? So you have this rogue software that exploited your machine, you need to understand what it does and why, for that, you could check out and tinker with Lenny Zeltser's REMnux or Zerowine. As for specific sites, I tend to follow the noise via the groups I'm on (Shadowserver, NANOG, UNISOG, MAAWG, etc) coupled with network analysis. SANS storm center is somewhat useful as well.
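The traffic-trending idea in the reply above (a sudden spike to a port such as 888 with no known application behind it) can be sketched as detection logic. This is an added example, not part of the original thread; the flow data, the `KNOWN_SERVICES` allowlist, the function names and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Assumption: a small allowlist of ports with a known application behind them.
KNOWN_SERVICES = {22: "ssh", 25: "smtp", 53: "dns", 80: "http", 443: "https"}

def build_sample():
    """Constructed hourly flow summary: (hour, dst_port, connection_count)."""
    rows = []
    for hour in range(24):                      # 24 h of normal traffic
        rows.append((hour, 80, 900 + (hour % 5) * 20))
        rows.append((hour, 443, 1200 + (hour % 3) * 30))
        rows.append((hour, 888, 3 + hour % 2))  # background scan noise
    for hour in range(24, 27):                  # sudden surge on port 888
        rows.append((hour, 80, 950))
        rows.append((hour, 443, 1250))
        rows.append((hour, 888, 400 + 50 * (hour - 24)))
    return rows

def find_port_spikes(rows, baseline_hours=24, threshold=8.0, min_count=50):
    """Flag hours where a port's count exceeds its baseline median by more
    than `threshold` median absolute deviations (robust to outliers)."""
    series = defaultdict(dict)
    for hour, port, count in rows:
        series[port][hour] = count
    alerts = []
    for port, by_hour in series.items():
        base = [by_hour.get(h, 0) for h in range(baseline_hours)]
        med = median(base)
        mad = median(abs(c - med) for c in base) or 1.0  # avoid divide by zero
        for hour in sorted(h for h in by_hour if h >= baseline_hours):
            count = by_hour[hour]
            score = (count - med) / mad
            if count >= min_count and score > threshold:
                alerts.append({"port": port, "hour": hour, "count": count,
                               "score": round(score, 1),
                               "known_service": KNOWN_SERVICES.get(port)})
    return alerts

if __name__ == "__main__":
    for a in find_port_spikes(build_sample()):
        label = a["known_service"] or "no known application"
        print(f"hour {a['hour']}: port {a['port']} count={a['count']} "
              f"score={a['score']} ({label})")
```

Ports 80 and 443 stay within their normal hourly variation and are not flagged; only the surge on port 888, which has no entry in the allowlist, raises alerts.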

delusion
« Reply #2 on: August 07, 2010, 03:55:50 PM »

Hi sil, that was informative. Honeypots fascinate me, it's definitely on my to-do list.