Firewall Wizards mailing list archives
RE: Penetration testing via shrinkware
From: "Stout, Bill" <StoutB () pios com>
Date: Thu, 03 Sep 1998 20:32:48 -0400
Thanks all for the copious feedback. I posted the question because I had difficulty expressing to someone the inadaquacy of using shrinkware alone. I believe I can express that point now. The point I was missing was this: Shrinkware only highlights possible entry points, and doesn't exploit them or artfully combine vulnerabilities into an 'exploit mosaic', a clear compelling picture of the penetration. It takes a skilled artistic human to create art, a technical human would merely glue the vulnerabilities together into a mess. An '3l33t3 hacker' dynamically adapts to the set of vulnerabilities presented before him, he uses his experience, knowledge and input from others to exploit what he discovers, piecing together a puzzle through intellect, not from an instruction sheet. A real hacking experience is an R&D work in progress, not an autonomon scripting (or manually keying in a script of) known techniques that worked for one given situation. Thanks for the feedback. Bill Stout
Current thread:
- Re: Penetration testing via shrinkware, (continued)
- Re: Penetration testing via shrinkware Ted Doty (Sep 19)
- Re: Penetration testing via shrinkware tqbf (Sep 19)
- Re: Penetration testing via shrinkware Dave Whitlow (Sep 19)
- Re: Penetration testing via shrinkware Christopher Nicholls (Sep 19)
- Re: Penetration testing via shrinkware Adam Shostack (Sep 20)
- Re: Penetration testing via shrinkware Ivan Arce,CORE SDI (Sep 23)
- Re: Penetration testing via shrinkware tqbf (Sep 21)
- Re: Penetration testing via shrinkware Crispin Cowan (Sep 19)
- Re: Penetration testing via shrinkware Paul D. Robertson (Sep 20)
- Re: Penetration testing via shrinkware Paul D. Robertson (Sep 20)
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 21)
- Re: Penetration testing via shrinkware Paul D. Robertson (Sep 21)