Author Topic: Vulnerabilities / Exploitation

shome
Vulnerabilities / Exploitation
« on: March 06, 2015, 12:16:28 pm »
Hey Folks,

I have a couple of pretty simple questions regarding exploitation and a lot of the vulnerabilities in the wild today. Basically, when you read about these new vulnerabilities (CVE XYY, etc.), there is always something I'm curious about. I'm not being platform specific here, but let's say there was a bug found in OpenSSH, in this case a buffer overflow that granted root privileges, which someone would then write an exploit to carry out.

* What usually makes a person target a specific service / daemon / platform? Their specialty? Maybe their experience, preference?

* I know this is the noob thread, so with that said I have a bit less trepidation to ask here, but how long in the grand scheme of things did a lot of you practice this craft before really delving deep into exploitation?

* I read that a zero day can sometimes go for $250,000.

* Maybe this one is common sense, but I notice that a lot of exploits that are fairly new are not released that quickly on any bug tracking websites. Skiddy prevention?

At this point so far, I have an absolute blast with Python, a little bit of Java now, and some HTML, CSS stuff for my web server.

My goal is to be a pen-tester someday, so I'm trying to slowly but surely learn what goes on under the hood with a lot of different attacks both in the wild and in the past.

Not expecting to be spoon fed here by the way. I appreciate any input.
« Last Edit: March 06, 2015, 12:19:51 pm by shome »

ZiLOG
Re: Vulnerabilities / Exploitation
« Reply #1 on: March 06, 2015, 05:17:08 pm »
Top tier security researchers definitely specialize in particular technologies, for example the ARM platform running Android OS.

If you like to travel and want to be part of a red team testing corporate security, then more general knowledge ("jack of all trades, master of none") would be applicable, as you don't know what technology/platforms you are going up against. If you prefer more stability, a desk job, then specialize.

One reason researchers do not publish details of vulnerabilities right away is so-called "responsible disclosure", which in essence is a recommended model for the steps a researcher should take before making full public disclosure. This is not a law, by the way.

It is somewhat frowned upon in the infosec community, but there are ways of making money by selling research to 3rd parties, both shady underground markets and legitimate companies. Of course nation states are always interested (they usually buy the intelligence by setting up fake private companies).

My personal preference is engaging in private bug hunting programs, such as Bugcrowd and HackerOne. Each program has responsible disclosure rules, plus you can earn cash. It's a good way to legitimately test your skills and get some "street credit".

Hope this helps.

Z