Full Disclosure mailing list archives
Re: CORE-Impact license bypass
From: Bernhard Mueller <research () sec-consult com>
Date: Tue, 27 Sep 2005 17:53:58 +0200
Exibar wrote:
> I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasible from a time perspective. Much quicker and more cost effective to use what's out there.

so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. and most of the time, you cannot apply generic exploits like these from metasploit to a specific customer situation.

in my experience, nearly all sites have some serious security flaws even if tools like nessus say the contrary. there may be self-coded applications or software that is not widely known or tested so they're not found in any vulnerability database. or, if that is not the case, you may even find new flaws in well-established software. IMHO you cannot deliver a reasonable security assessment until you have checked everything by hand.

regards,

--
DI (FH) Bernhard Mueller
IT Security Consultant
SEC-Consult Unternehmensberatung GmbH
www.sec-consult.com
A-1080 Wien Blindengasse 3
Tel: +43/676/840301718
Fax: +43/(0)1/4090307-590