You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This looks like an awesome tool, but in among its options, should be the ability to search for specific lists of known exploits, backdoors, & nondefault configurations. While the tools does appear to be intended for finding just those things, it appears from the doc page (and I have to admit I haven't actually tried it out yet) that the reports it typically generates are likely to have much of this buried in reams and reams of other data. Another possibility might be to assign each flagged entry a 'badness' value from 1-10, so that the report might be sorted with the most interesting data at the top. I admit I've been looking for something like this ever since I watched Harmj0y's 'An ACE in the Hole: Stealthy Host Persistence via Security Descriptors' presentation at Derbycon in 2017.
The text was updated successfully, but these errors were encountered:
This looks like an awesome tool, but in among its options, should be the ability to search for specific lists of known exploits, backdoors, & nondefault configurations. While the tools does appear to be intended for finding just those things, it appears from the doc page (and I have to admit I haven't actually tried it out yet) that the reports it typically generates are likely to have much of this buried in reams and reams of other data. Another possibility might be to assign each flagged entry a 'badness' value from 1-10, so that the report might be sorted with the most interesting data at the top. I admit I've been looking for something like this ever since I watched Harmj0y's 'An ACE in the Hole: Stealthy Host Persistence via Security Descriptors' presentation at Derbycon in 2017.
The text was updated successfully, but these errors were encountered: