“Big money! Big prizes! I love it!”

Smash TV quotes. Love ‘em.

Speaking of big money, the commercial exploit market’s growth isn’t making it any easier to bid on penetration test gigs. If you want to provide the highest assurance you’re capable of to clients, then of course you would like to have your hands on all the exploits out there, both public and private.

Product     To start    Quarterly    Total (start + 4 quarters)
d2          $1,950      $850         $5,350
gleg        $1,400      $700         $4,200
argeniss    $1,000      $500         $3,000
canvas      $1,450      $730         $4,370

And the cream of the crop:
Immunity Sec’s Vulnerability Sharing Club $50,000 - $100,000 per year

Attacking with anything less in hand tends toward negligence, especially if you do so without disclosing what you’re missing. Pay to have all and you’ve likely priced yourself out of competitive bids.

The winners here, again, are the attackers.

“Good Luck… you’ll need it!”


Posted by tate Fri, 28 Dec 2007 15:57:00 GMT


Follow-up on using unicornscan for a big scan (400,000+ public IPs)

I’m happy to report that our growing experience using unicornscan for large discovery sweeps is a positive one. Our confidence in the tool has increased, and it is now our weapon of choice for scanning large IP swaths.

To recap: We performed a sweep of 400,000+ public IPs across multiple continents by configuring the scans to do a full TCP port scan of each IP, sustained ~55 Mbits/s using between 3 and 5 systems, and completed it in a matter of days.

This is pretty good considering that sending two SYN probes per port meant sending ~52.5 billion packets and producing some 3 terabytes of data.
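The figures above follow from the scan parameters, and the same arithmetic tells a network owner how much traffic a full-range sweep of their address space puts on the edge. As an added example (not code from the original post or from the unicornscan project), here is a small Python estimator that reproduces the post's numbers from hosts, full TCP port range, two SYN probes per port and the sustained 55 Mbit/s. The 60-byte minimum Ethernet frame per probe and the decimal terabyte (1e12 bytes) are assumptions; everything else is taken from the post.

```python
"""Budget estimator for a large SYN discovery sweep (added example, not
unicornscan's own code). It reproduces the figures quoted in the post from the
scan parameters and checks whether a planned sweep fits a link and time window."""
from dataclasses import dataclass

FULL_TCP_PORT_RANGE = 65_535
# Assumption: 14 Ethernet + 20 IP + 20 TCP header bytes, padded to the 60-byte
# minimum frame (FCS excluded). Probes carrying TCP options are a few bytes larger.
MIN_ETHERNET_FRAME_BYTES = 60


@dataclass(frozen=True)
class SweepBudget:
    packets: int
    bytes_on_wire: int
    seconds: float

    @property
    def days(self) -> float:
        return self.seconds / 86_400

    @property
    def terabytes(self) -> float:
        # Decimal terabytes (1e12 bytes); assumed to be the unit behind "3 Terabytes".
        return self.bytes_on_wire / 1e12


def sweep_budget(hosts: int, ports: int = FULL_TCP_PORT_RANGE, probes_per_port: int = 2,
                 frame_bytes: int = MIN_ETHERNET_FRAME_BYTES, link_mbps: float = 55.0) -> SweepBudget:
    """Packets, bytes and wall-clock time for a sweep limited only by link rate."""
    if hosts <= 0 or ports <= 0 or probes_per_port <= 0 or frame_bytes <= 0:
        raise ValueError("hosts, ports, probes_per_port and frame_bytes must be positive")
    if link_mbps <= 0:
        raise ValueError("link_mbps must be positive")
    packets = hosts * ports * probes_per_port
    bytes_on_wire = packets * frame_bytes
    seconds = bytes_on_wire * 8 / (link_mbps * 1e6)
    return SweepBudget(packets, bytes_on_wire, seconds)


def implied_frame_bytes(total_bytes: float, packets: int) -> float:
    """Average bytes per probe implied by a reported data volume: a sanity check
    that a reported packet count and data volume are consistent with each other."""
    return total_bytes / packets


def link_mbps_for_deadline(hosts: int, days: float, ports: int = FULL_TCP_PORT_RANGE,
                           probes_per_port: int = 2, frame_bytes: int = MIN_ETHERNET_FRAME_BYTES) -> float:
    """Sustained link rate (Mbit/s) needed to finish the sweep within `days`."""
    if days <= 0:
        raise ValueError("days must be positive")
    bits = hosts * ports * probes_per_port * frame_bytes * 8
    return bits / (days * 86_400) / 1e6


if __name__ == "__main__":
    b = sweep_budget(400_000)
    print(f"packets: {b.packets:,}  data: {b.terabytes:.2f} TB  duration: {b.days:.1f} days at 55 Mbit/s")
    print(f"bytes per probe implied by 3 TB: {implied_frame_bytes(3e12, b.packets):.1f}")
    print(f"rate needed to finish in 2 days: {link_mbps_for_deadline(400_000, 2):.0f} Mbit/s")
```

With the post's parameters the estimator gives 52.4 billion packets, about 3.1 TB on the wire and roughly five days at 55 Mbit/s, which matches the quoted figures; the 3 TB quoted for 52.5 billion packets implies about 57 bytes per probe, right where a bare SYN frame sits.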

Nmap is often our preferred tool, and we used it to spot-check our unicornscan results, but from now on the choice will come down to the details of the gig.

Tech note: We avoided problems with table overflows and similar issues by placing the systems directly on the internet with iptables turned off.

Posted by tate Thu, 27 Dec 2007 19:36:00 GMT