ksaj 5 years ago

Infosec tooling.

Why Meterpreter isn't controlled by an AI or achieving some other autonomous state, I'll never know. Its like hackers forgot that viruses and worms were ever a thing, and yet therein lies the next big leap... lateral movement without c&c. Anyway, Metasploit has been with us a long time, and is a good example.

Other much earlier tools like nmap have lived through Y2K and are still in regular use to this day.

While the software itself has progressed a lot, their initial purposes have not left us. The same names always crop up when looking through decades-worth of hacker tools.

Everything about firewalls today, other than new lingo (like clouds) is pretty much the same. That is surely a stable technology that remains ubiquitous.

Look how old ISO2700x and 17799 standards are. They (one is really an "upgrade" of the other) are here to stay for a while.

  • world32 5 years ago

    > Why Meterpreter isn't controlled by an AI or achieving some other autonomous state, I'll never know

    How do you think meterpreter would be controlled by an AI? Do you think there should be an AI that will automatically figure out a way to hack into a system or escalate privileges?

    Regarding other tools like nmap and metasploit - they are frameworks which let you run modules specific to certain exploits. Metasploit has countless of new modules being developed all the time. And nmap has its own scripts to target new kinds of attacks.

    Though the basic functionality of nmap will not change anytime soon because network protocols are largely the same since 10 years ago.

    • ksaj 5 years ago

      I see it doing the standard recon and working the appropriate exploit that would likely provide the most leverage with the least noise, but from within the target environment. So, yea, you've provided some good examples.

      Once behind the firewall, outbound connections to a c&c could set off alarms. Especially if the connections are sourced from multiple internal systems to a single external one. So let an ai decide what to do once lateral movement options become available, then report back findings at a more appropriate time and method that is also less likely to ring bells.

      That's just a quick synopsis. There is a lot more that could be done, but the secondary exploitation/invasion stages would probably see the biggest gains.

      • world32 5 years ago

        I don't see how will ever be possible? There are just way way too many parameters to code an AI to do lateral movement or escalation once inside a system.

        For example, even trying to exploit a famous vuln like dirtycow still often requires small tweaks to the exploit script in order to get it to work. There is no way an AI will be able to do that.

        Though if you are talking about an "AI" that checks processes running, versions installed etc. and runs the appropriate exploits scripts metasploit already has that in the getsystem command. Though I wouldn't really consider that AI.

        https://www.offensive-security.com/metasploit-unleashed/priv...

jxub 5 years ago

Terminal text editors.

Aside from incremental improvements like async plugins Vim and Emacs have largely stayed the same.

diehunde 5 years ago

- programming language paradigms

- data storage techniques have evolved but the essentials are still the same

  • ksaj 5 years ago

    The fact that so much "new" stuff comes from Lisp proves you are right. Instead of 2 steps forward, one back, it seems with programming languages we keep returning to the start.

    Lisp is one of those languages that rarely gets an upgrade, but everyone else keeps coming back to emulate it.

    • mattmanser 5 years ago

      Well, bits of it.

      Otherwise by now we'd all be using it by now, right?

usgroup 5 years ago

I think paradigmatically nothing has changed about the craft of software development since the 80s IMO; we’ve just changed about where efforts are weighted.

Business models, consumers and hardware have undergone the most change.

sidcool 5 years ago

Managers. Seriously. Each new wave of Managers bring the same old mindset.

sngz 5 years ago

bad ways to interview people

rudyrupak 5 years ago

The ability to share a contact from one mobile phone to another. Blackberry could not do it without sending a text and neither can iOS and Android.

amirbehzad 5 years ago

SQL and Relational modelling