Dailydave mailing list archives

Re: RE: Network Exploitation Tools aka ExploitationEngines

From: Dave Aitel <dave () immunitysec com>
Date: Sun, 05 Sep 2004 13:58:01 -0400

On Sun, 2004-09-05 at 06:24, Matt Hargett wrote:

Clement Dupuis wrote:

Ask both vendors for a demo.  See for yourself, try it yourself, that's
probably the best way to find out which one better fill your needs.


This is what I always tell prospects who ask me about BugScan versus 
some other solution. They seem to appreciate the lack of negativity and 
dick-waving from our side, so far. (Though they apparantly can't say the 
same for some of the other players in the market.)

Does Immunity and CORE play that nicely? Or does one spread FUD about 
the other?


I'm constantly spreading FUD. Like, the other day, someone called me up
and I said, "Hey, the Impact 'Tip of the Day' in version 4.0 has nothing
on our Exploit Fortunes (tm). With 'Tip of the Day' you'll get useful
hints on how to adjust their GUI to look exactly how you want it. With
Exploit Fortunes (tm) you'll get the latest Immunity in-jokes and
humorous comments, but only if you manage to successfully exploit a
host. So you have to be truly elite to even see them. 

Honestly, though, it'd be hard for me to spread FUD, cause the last time
I saw their product was at G-Con when Gera did a short demo, so
everything I know about it is here-say or based off marketing material
on their web page.

Who are some of the other players in the BugScan market? @stake SRA?

On a side note, some of the XP/Python weenies say that test-driven 
development and a suite of unit tests can enforce types, getting the 
best of both worlds. Anyone have an opinion on this?


Sounds nutty - cause the great thing about Python is that you don't care
what Type you're using. A duck is something that quacks, and going
beyond that is putting on handcuffs when you don't have to. This general
concept is why Python is so much faster to use than .Net. I mean, it
goes beyond that, into a language that makes broad generalization
doable, rather than a huge nightmare the way C++ does. :>


-dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: RE: Network Exploitation Tools aka ExploitationEngines Matt Hargett (Sep 05)
- Re: RE: Network Exploitation Tools aka ExploitationEngines Dave Aitel (Sep 05)
  - Re: RE: Network Exploitation Tools aka ExploitationEngines Florian Weimer (Sep 05)
  - Re: RE: Network Exploitation Tools aka ExploitationEngines Matt Hargett (Sep 06)
  - RE: Network Exploitation Tools aka ExploitationEngines; Re: Matt Hargett (Sep 07)
    - Re: RE: Network Exploitation Tools aka ExploitationEngines; Re: Kurt Seifried (Sep 07)
    - RE: Network Exploitation Tools aka ExploitationEngines; Re:; Re: Kurt Seifried (Sep 09)
    - Re: RE: Network Exploitation Tools aka ExploitationEngines; Re: esos03a (Sep 09)
- RE: Network Exploitation Tools aka ExploitationEngines; Re: Dave Aitel (Sep 10)