Sunday, September 26, 2010

Exploit Next Generation

The Exploit Next Generation® Compliance Methodology (f.k.a. Encore Next Generation) was first designed in 2004 and coded in 2005, and the main goal is showing everyone that one single vulnerability does not mean one single way to exploit this vulnerability.

While some excellent researches have been done addressing OS based protection (such as: DEP and ASRL), the Exploit Next Generation® (ENG++) Compliance Methodology addresses the security designed solutions, and gets a powerful approach when combined with other techniques.

That is the very first definition of "Z-Day Attacks" concept:
"Any new attack exploitation variant that cannot be detected by regular security solutions and/or products."

The ENG++ (pronounced /ěn'jĭn/ incremented):
Is more a methodology than a single tool.
Requires a deep knowledge of vulnerability.
Helps to create new exploit variants, maintaining the reliability.:
Penetration test;
Exploit Development;
Security Solution Evasion Test;
Security Solution Quality Assurance;

Can be applied for any open attack frameworks, such as:
Metasploit Framework;
CORE Impact Pro; and
Immunity CANVAS Professional.


No comments: