Prof’s comments emphasized.

Bryce, those are good questions. Replies inline… (Security Professor) Original Message From: Bryce Kerley Sent: Thursday, September 29, 2005 12:07 PM To: (Security Professor) Subject: Metasploit Project For the semester project, can we write a Metasploit exploit module for a known (but not modularized) exploit, or do we have to come up with an unknown exploit? [Prof] Writing a module for a known but not modularized exploit meets the requirement. Coming up with a novel exploit and modularizing it is even better. And can it be for a (common) webapp, or should it be for something lower level (and with, on average, a better security record)? [Prof] An exploit for a common web app meets the requirement in my mind. Again, coming up with something novel and on the cutting edge would be more impressive. You can only get 100 points for the assignment, though! ;-) [Prof] Thanks, Bryce