Hal Pomeranz · May 1, 2017 · 1:27 AM UTC

Hal Pomeranz @hal_pomeranz

1 May 2017

Can you remember the last remote Linux RCE that wasn't web app related (e.g. Struts, Wordpress, Drupal, etc)? Yeah, me neither.

jericho · May 1, 2017 · 1:31 AM UTC

jericho @attritionorg

1 May 2017

CVE-2016-7117?

Hal Pomeranz · May 1, 2017 · 3:40 AM UTC

Hal Pomeranz · May 1, 2017 · 3:40 AM UTC

Hal Pomeranz @hal_pomeranz

1 May 2017

Probably right on that one. But there's too much low-hanging fruit in the web app space for people to look for OS vulns.

May 1, 2017 · 3:40 AM UTC

jericho · May 1, 2017 · 3:42 AM UTC

jericho @attritionorg

1 May 2017

yes and no. you qualified linux remote. linux local DoS is quite prevalent. so people definitely looking.

Hal Pomeranz · May 1, 2017 · 3:48 AM UTC

Hal Pomeranz @hal_pomeranz

1 May 2017

And priv esc too, but I'm pondering initial compromise vectors.