Saturday, September 6, 2008

Client-Side Exploits has taken its time in concentrating on client-side exploits. This does not mean that we wear different hats or that we use them for malicious purposes. Anushree, a team lead for client-side exploits, has written an article on client-side exploits that will be published in Hakin9 in Nov 2008. The article covers an introduction to the making and working of client-side exploits, a clear classification of client-side exploits, and their mitigation techniques.

Ion and Anushree are now planning to write the second version of the same article, which will involve more in-depth analysis and research on client-side exploits. We have noticed that we should concentrate on exploits in particular, rather than the semantics behind them, as we believe that each exploit has its own importance.

The trend in exploits was first seen against servers and server software. Then the exploit writers concentrated on the client-server side and targeted web-based applications (webapps). Now we see the trend moving towards client-side software. Even though this trend has been seen since 2005, it has increased exponentially and we now have 100s to 1000s of exploits a day. 1000s may sound like an exaggeration, though what we mean is that we see a great increase in client-side exploits, and hence we wanted to throw some light on it. Milw0rm has a great listing of client-side exploits.

Please do leave your comments at contact.fingers {at} We do appreciate both good and bad comments as we believe that every single comment is important for us.

- EvilFingers
