Exploits written in languages like C, Delphi, ASM which can be compiled are pre-compiled and added along-with others. On successful exploitation winAUTOPWN/bsdAUTOPWN gives a remote shell and waits for the attacker to use the shell before trying other exploits. This way the attacker can count and check the number of exploits which actually worked on a Target System.
Read more here
by Rishabh Dangwal · 4
Last night I had some stupid stupid experiments with my Android, the blogger client for it and Blogger Draft. Which led to the blog open for invitations only. In the morning I found my mistake and I am sorry for the inconvenience it caused to you.
Truely sorry for that :((
It wont happen again (and next time I am going to test apps and changes on temporary blog first. Point jotted and duly taken).
Cheers and stay gold
"Always outnumbered, never outgunned :P "
by Rishabh Dangwal · 0
It didn't took me too long to realise the actual scenario at infosec, at all leading MNC's. And here I am ranting about it and mind it, everything is appropriately correct.It all started with me applying for a job at a leading MNC, and those guys instead of heeding what I had done (with some powerful references) asked me if I had my CISSP/CISA/CEH/ECSA-LPT/BULLSHIT. Read on..as I conclude these points -
- Any respectably responsible guy who has passion for Infosec has no chances at doing well at corporate unless he sells his soul to Satan of commercialization of security. Those guys (the management and HR) need guys who have certifications which are purely theoretical in nature and has no or little affilitation with hands on security. Worse, once you get in,be prepared to lie, a lot.
- The running gag among my security circle (dedicated guys who care about their network and do their best to save your assess) was that you can never be the security guy by researching, practicing and making your bones in the Infosec jungle. You can be one by getting certified.
- The best a CISSP/CISA does is to write the mails creating security awareness among company, create pie charts for the management while making sure those looked best while presenting himself , NOTHING REMOTELY RELATED TO HANDSON SECURITY and collect the easiest pay cheque on earth. Sad, but true.
- The condition is a result of HR's and guys who are what i call security illiterate, so the best they need a guy who is certified (by cramming notes,taking mocktests, bribing, praying and God knows what else) by some standard and would take the hotshot in just for the sole reason without even testing if he knows anything, and the best part is at the end of the day that guy creates bar graphs of security framework and audit infra of the MNC.
- At the end of the day, these certifications are nothing but to double your salary package, doesn't matter if you know anything or not.
inspired by personal experiences and J. Oquendo's wonderful post at Infosec Island
by Rishabh Dangwal · 4