Dailydave mailing list archives
Re: Defending the honor of...penetration testing tools
From: Mohammad Hosein <mhtajik () gmail com>
Date: Wed, 13 Feb 2013 01:26:17 +0330
"they think if Metasploit for instance was never born, there would have been less pwnage in the world." list knows i never stop missing Christopher , so , without further ado i want to put an assertion here . they say "arguably" their point is logically valid . logic being we are a Hamiltonian closed system where the total kinetic energy of offense is just equal to the sum of our mosdef nodes . with a sober mind , one would even calculate how much a healthy mosdef node can actually do harm in an assumed n-degree space system with defined objects and specific values . to make the conversation understandable for people of different native mother languages , i am not going to ignore the philosophical platform where and when such engineering is happening , it sounds silly first but you get used to it . therefore we can simply save time and presume a smart one of these guys comes right after each update of each tool , and assigns precisely how much of potential damage ( in some metrics like Joule , Ton , Watt ) just added to the system . we are told by many people in many centuries written on many books that evil thoughts make harm or eventually result in harm therefore the thoughts themselves even if they dont get implemented into a mosdef - a potential harm - in Delta t , still , add to the total kinetic energy of offense and whether the thoughts or the resulting mosdefs are rotating or angular because they finally move , by that , i mean dave's business . still ignoring the philosophic platform , which is "the" issue and still , ironically enough , we can argue our way out . How ? even within the constraint of the conversation in terms and agreements , their idea is Stupid ( offense intended ) . they got to make the system either absolute zero evil thought , or there must be good mosdefs AND evil mosdefs . or maybe they are Ok with Classic mechanics with a finger up Newton's butt ass the forth rule ? i suggest no addition of advanced math and physics , any kind of societal dialog or even honor the conversation more than what it is , by adding variety of philosophic thoughts giving insane complex angels to the topic . that actually might be evil itself considering you are spending electrics based on offshore oil and nuclear reactors with hazard waste that ages more than us ;) @ Dave : any PR is still PR . see how smooth i turned meterpreter into mosdef ? paypal me what you honestly think the work deserve and consider i am not legal to work in U.S or be dealt with from within U.S :> wasnt it more fun if you got yourself a spot to talk about the RSA's bullshit story with the Iranian Cyber Police , their "talk" , and finally entertaining restrictions on that organization as a whole due to its involvement in aggregating monster SYN floods to Citibank ? :D M. On Tue, Feb 12, 2013 at 9:48 PM, antisnatchor <antisnatchor () gmail com>wrote:
The problem IMHO is lots of people out there still believe in security by obscurity. Translated for this specific case, they think if Metasploit for instance was never born, there would have been less pwnage in the world. There are too many examples this statement is obviously wrong. Many times the only way to "wake up" sleeping vendors, lazy with patching, is exactly creating a tool that automates attacks and pwnage. You can't imagine how many attacks in BeEF are not working anymore (sigh) because vendors silently patched the bug after we wrote or ported an exploit to BeEF. Cheers antisnatchor ------------------------------ Dave Aitel <dave () immunityinc com> February 12, 2013 5:50 PM So as you can see below, I'll be at RSA asking Andrew Jaquith why on earth he thinks penetration testing tools are evil. To be honest, I have no idea. Does that also imply penetration testing is evil, or is he saying that penetration testing tools make people lazy and therefor you get better penetration tests without them, in which case I'll try to get him to write his future papers without a keyboard or something. Speaking of penetration testing tools - Immunity is hiring CANVAS developers here in Miami Beach. If you want to work on CANVAS and you speak both assembly language and Python and have a passion for building awesome tools that let people break into systems (some of which we make public!), then send me an email. We're also hiring an experienced Django web developer. You do also have to be legal to work here in Miami or Washington DC for these positions. -dave https://ae.rsaconference.com/US13/connect/sessionDetail.ww?SESSION_ID=3297&tclass=popup#.URp4m2gUwM0.twitter MASH-T16 - Debate: Internet GUN CONTROL - Are Pentesting Tools Good or Evil? Moderator(s): Pete Lindstrom - Principal, Spire Security <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=430145EACD4EBC80B7251A1E5A519F1E&tclass=popup> Panelist(s): Dave Aitel - Chief Executive Officer, Immunity, Inc. <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=66B255D131FD603BCBE896DDEB1F0617&tclass=popup> Andrew Jaquith - Chief Technology Officer, Perimeter E-Security <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=7A07665968A7B2320DCA9BF860462864&tclass=popup> From SATAN in the 90's to Metasploit today, penetration testing tools have been common in the arsenal of information security professionals. These tools allow any user to assess the vulnerable state of their IT platforms. Some say that they are useful while others assert they are detrimental for the overall health of the Internet. Come hear the debate and weigh in with your own opinions. -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Defending the honor of...penetration testing tools Dave Aitel (Feb 12)
- Re: Defending the honor of...penetration testing tools antisnatchor (Feb 12)
- Re: Defending the honor of...penetration testing tools Mohammad Hosein (Feb 12)
- Re: Defending the honor of...penetration testing tools Anton Chuvakin (Feb 18)
- Re: Defending the honor of...penetration testing tools antisnatchor (Feb 12)