[talk] Vulnerability Classification and New Concepts

Sujit K M kmsujit at gmail.com
Sat Jun 15 02:31:11 EDT 2019


Hi All,

I am new to security hacking. But I find that Companies, like hardware, publish
vulnerabilities their products have. I see them as CVE be it UNIX/Linux or
Windows. Are vulnerabilities classification so robust that they are  a fixed
set, say memory read or xss.

I  interestingly tried to hack on FreeBSD where we have wheel groups and
say someone in a production system gets a user in wheel group. Now as per me
the person should be able to run basic applications, also if cloud is
where it is deployed. one can trick any user to authenticate to
malicious programs.

What is the opinion on this?

Regards,
Sujit K M




More information about the talk mailing list