-
March 24th, 2008, 10:21 PM
#1
Script Kiddie Noobsauce
Script Kiddie Tactics (or the Lack Thereof) -McGrew Security Blog
From the "you're not kidding anyone" file:
The real bottom-of-the-barrel here is the attacker that tries to compromise a site with a tool meant for vulnerability assessments. These are tools that are not built for any sort of stealth or finesse, because they are meant to be run in the course of a vulnerability assessment by a pentester (using the term loosely here) or systems administrators that want the scan over with quickly. In this case, it doesn’t matter if it leaves a huge signature in the logs or if the IDS screams bloody murder, because the person responsible for tending to those alerts is the person who ran the tool, or is at least aware of the test. This is not as desirable for an attacker who is trying to avoid getting caught or alerting admin/security staff of a breach.
Robert Wesley McGrew of U3 drive hacking fame adds to the discussion with some telling log dumps. Enjoy!
Similar Threads
-
By mjk in forum AntiOnline's General Chit Chat
Replies: 8
Last Post: June 14th, 2004, 03:42 AM
-
By tyger_claw in forum Cosmos
Replies: 8
Last Post: December 11th, 2002, 09:15 AM
-
By jonesjones123 in forum AntiOnline's General Chit Chat
Replies: 14
Last Post: August 1st, 2002, 07:35 AM
-
By {P²P}Apocalypse in forum AntiOnline's General Chit Chat
Replies: 4
Last Post: February 20th, 2002, 08:12 AM
-
By autumn regret in forum Non-Security Archives
Replies: 32
Last Post: December 6th, 2001, 02:25 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|