Chuxing
Community Champion

Exploit database

For those who can dive deep into vulnerability analysis, this exploit database might be a useful source.

 


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
6 Replies
Kaveh
Newcomer II

All it takes to deep dive into a vulnerability is deep knowledge of the targeted system and its API or source code. But for starting to find an interesting topic and being able to rely on professional contribution, I found the deep web useful; I never found the surface web being able to give you anything valuable in the context of technical vulnerabilities.

AppDefects
Community Champion


@Chuxing wrote:

For those who can dive deep into vulnerability analysis, this exploit database might be a useful source.

 


To keep on the cutting edge I watch a number of different "security researcher" Twitter feeds and Reddit...

Caute_cautim
Community Champion

Hi @Chuxing, good to explore the vulnerabilities and exploit lists, but I want to know exactly what is going on now, and what is the priority as to what I have to do right now. An example of collaboration with other partners and it is totally free (yes, free of salespeople), oh wow, driven by the security community members in private or public groups. We need more collaboration between different sources, but we also need to see what is happening in the real world too. This also includes inputs from Cisco Talos and many others.

 

The cyber criminals are weaponised, just waiting for the opportunity to take advantage of some not necessarily poor victims.

 

https://exchange.xforce.ibmcloud.com/activity/map

 

https://exchange.xforce.ibmcloud.com/

 

Regards

 

Caute_cautim

 

Chuxing
Community Champion

Hello all @Caute_cautim @AppDefects @Kaveh @Beads 

Good listings and good points.

I find this forum needs some additional info for folks who are knee-deep in the weeds, and it is good to exchange readings to broaden individuals' perspectives and exposures.

We all know infosec is a rather complicated and involved topic. Thus more info is always a plus.

 

Thanks to all.


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
Beads
Advocate I

Same here but I cannot go back to multi-billion dollar clients and explain that while mucking around in the "Deep or Dark or Invisible Web" that I found details on a vulnerability so unique, so special, that I felt the need to share this dark knowledge with them out of the generosity of my blackhatted heart.

 

Generally, the more esoteric the vulnerability, the less credibility said vulnerability will have on the business and has only led to more scrutiny than it has been worth reporting directly. With these I generally find an "excuse" to test in non-production first, if successful move on to a controlled test within prod and so on.

 

We have many fine, knowledgeable folks on this board who may or may not be completely up to date on vuln research so I try to keep much of my comments and examples as broad as possible to serve the community before serving my ego with detailed examples of deep, dark or invisible web sources. We have dedicated hacker forums for that. If you need to go venture there you also know to keep your mouth shut and your sources in discretion.

 

- b/eads