Infrastructure for Exploitation
Thu, Mar 21
In a very short period of time, exploits became the currency of the computer underground. Well known publicly disclosed exploits were small change, as system administrators adapted to a more hostile Internet and patched their systems as soon as a fix to a vulnerability became available. Private exploits not in wide circulation were big money, as there was no defense against them in most cases. In time, a lucrative market around exploits developed, as interest in their procurement surfaced from multiple domains. In today's lecture, we'll trace the development of the infrastructure meant to support the creation of new exploits. We have three learning goals for today. By the end of our lecture class, you will:
- Learn about the developers involved in professionalizing the creation of new exploits.
- Understand the role that listservs played in the dissemination of security vulnerabilities and associated exploits.
- Appreciate the software frameworks that emerged to improve the process of developing and making use of exploits.
The digital artifact for today is the Metasploit Framework.
The slides for today's lecture are available here.
Read This:
Matt Goerzen and Gabriella Coleman discuss the evolving culture around exploits development in their piece Wearing Many Hats: The Rise of the Professional Security Hacker.
Do This:
Writing Reflection 04
See the instructions posted on the assignment's page.
This writing reflection is due on 3/26 at 5pm.