Grey Hat Sites
WatchGuard System Manager
We characterize these security researchers as "grey hats" because, unlike white hats, they might not
inform the appropriate manufacturer before publicly revealing their findings and posting exploit code
(often passed off euphemistically as "proof of concept" code). Technically they're not breaking laws or
acting maliciously, like "black hats." But announcing security holes before vendors can fix them is like
giving an army a map of the castle they're attacking, with a big red arrow marking the secret entrance.
Grey hats commonly claim their behavior contributes to overall security by making vendors watch
themselves more diligently. Whether that is true is a battle we'll leave to someone else.
Nonetheless, "grey hat" sites are worth inspecting when you want to understand more about how a
particular vulnerability works. These sites are often the first to reveal new vulnerabilities, much sooner
than you'll get the info from the appropriate vendor. When trying to prioritize how urgently you need
to patch flawed software on your network, flaws where the exploit code is publicly posted should go to
the top of your list. To learn whether exploit code is publicly available, monitor our LiveSecurity® alerts,
and check some of the following sites.
Ryan1918.com
On this site, you’ll find hackers selling and trading exploits, including botnets and trojans. In true
script-kiddie style, this forum is not online 100% of the time. If it is down, try again later; so far, it has
always returned.
Packetstormsecurity.org
This site offers a repository of the Top 20 security tools, advisories, and exploits, updated
throughout the week.
K-otik.com
This French site is usually the first place you’ll find significant exploit code. They also archive
notable white papers in various languages, so multilingual administrators can get a world of
security instruction here.
2600.com
This Web site supplements the printed journal 2600, the seminal, well-known "hacker's
quarterly," where programmers inform one another of new flaws, exploits, and attacks on
everything from networks to phone systems. Worth a read so you can realistically assess the
strength of your countermeasures.
Governmentsecurity.org
Despite its name, this site is not sponsored by a government. Like many of the other sites we've
recommended, it archives daily security news. But our favorite feature is the moderated security
forums, where you can discuss relevant topics (ranging from general network security, to how to
compile and run specific exploits) with other network administrators.