Security Basics mailing list archives
Re: Required Help on Automated Tools
From: "J. Oquendo" <sil () infiltrated net>
Date: Mon, 20 Oct 2008 11:35:08 -0500
On Sat, 18 Oct 2008, Frynge Customer Support wrote:
Adriel: Why are you anti automated? Just curious. Kelly Sigethy - Frynge.com Web Design - Hosting - Advertising http://www.frynge.com 1-403-251-9486 (Calgary) 1-866-331-9684 (Toll Free - Canada and the USA) +44 (0)8717 206 505 (United Kingdom)
I can't answer for Adriel but I will chime in on why automation - relying on it, is a bad idea. Automation relies on the notion that whatever tool you're using is automatically up-to-date for starters. We've all seen how this theory/notion is flawed. If it were, they would be far less vulnerabilities. Reliance on any tool in this industry from my perspective is akin to my ramblings on monkeys with tools. One becomes too comfortable with an automated process and will almost always likely overlook something small a tool won't pick up. While it may be a semi decent idea, if "automated" pentesting were such a good idea, there would be a hell of a lot of professionals out of business and a hell of a lot more companies that were secure. Think about this logically for a minute. If it were *that* good of an idea, many companies would have picked up on it and ran with it. There would be less vulnerabilities reported don't you think? Always, always, always keep in mind, an attacker, especially a determined attacker isn't likely to have Webinspect, Hailstorm or other commercial tools in his or her arsenal. Most "thorough/skilled" attackers will use their own intuition, tools, methods in order to leverage a target. Try automating intuition in the sense that "hrmm I sometimes name my temp directories pm3t because I'm lazy". Tools (automated) will only give you what their developers see fit at the time of compilation. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP "Each player must accept the cards life deals him or her: but once they are in hand, he or she alone must decide how to play the cards in order to win the game." Voltaire http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
Current thread:
- Required Help on Automated Tools Vin Oxious (Oct 14)
- Re: Required Help on Automated Tools Jorge L. Vazquez (Oct 15)
- Re: Required Help on Automated Tools Adriel Desautels (Oct 16)
- Re: Required Help on Automated Tools Frynge Customer Support (Oct 20)
- Re: Required Help on Automated Tools J. Oquendo (Oct 20)
- RE: Required Help on Automated Tools Prodigi Child (Oct 22)
- Re: Required Help on Automated Tools acey deucey (Oct 21)
- Re: Required Help on Automated Tools Frynge Customer Support (Oct 20)