Last month we added a new space on TestCloud with thousands of known attacks as .msl templates. Some of you may recall that the secret behind the speed of test creation with Mu is in the way we can take in a wide variety of formats including .pcap, .har, curl to name a few and convert it into MuSL. So what we did was we took another look at our known attack templates and made that available as .msl templates.
We provide our users with a monthly drop of known attack templates, also known as published vulnerabilities. These are pulled from a variety of sources. What’s exciting is that we have now converted these tests into MuSL (Mu Scenario Language). As a result each of these test templates gets parameterized and can be run at scale. They can be sent concurrently from multiple IP addresses and can really stress out IPS/IDS system. In fact, just one of these tests when run concurrently caused a high end security gateway, which shall go nameless, to implode and get reduced to bare metal that offered zero protection. You can find the space for the known attacks on Testcloud here. All this is available to Mu users who have the published vulnerability license and the scale license.
Our supply of known attacks are pulled form various sources including –
- BugTraq mailing list
- Full Disclosure mailing list
- Linux Security alerts
- Published alerts from ZDI, Tipping Point, iDefense
- SANS Internet Storm Center
- Vendor-specific feeds from Oracle, Microsoft, Novell, IBM, Red Hat and others
- Exploit sources such as Metasploit and Exploit-DB (milw0rm)
- Security Tracker
- Reliable independent researchers
- Social media such as Twitter
- Mainstream news such as The Register
In addition, we cross reference our coverage with other alerting sources such as Secunia, VUPEN, and Security Focus.Â Happy testing, this is going to cause a lotta damage!