Friday, April 19, 2013

All, I noticed a tweet by HD Moore today giving a shout out to this post written last week by Ed Skoudis. Very good read. Here's a link and an excerpt:

http://pen-testing.sans.org/blog/pen-testing/2013/04/08/when-offense-and-defense-become-one

"at sufficiently advanced technical levels, offense and defense sometimes merge and become one. Offensive techniques can be used to achieve defensive ends; defensive means can be used to achieve offensive ends; and, sometimes, the inherent technical skills of offense and defense are actually identical."
"Consider these examples:
  • Endpoint security suites: Have you ever pondered what these tools really are? With their integrated anti-virus, personal firewall, and host-based Intrusion Prevention Systems, they operate at a fairly low-level of most operating systems, hooking all kinds of system calls so that administrators can maintain control of the machine. Wait... that's a rootkit! The only difference between an endpoint security suite and most rootkits is the level of functionality and who controls it: good guy administrators or bad guys. So, we've got a multi-billion dollar segment of the infosec industry that is actually built on selling commercial rootkits, also known as endpoint security suites."

Ed Skoudis is a very dynamic teacher there at SANS, and I recommend his courses to everyone.