Full Disclosure mailing list archives

Re: Re: InlineEgg library release


From: "Ivan Arce" <ivan.arce () corest com>
Date: Tue, 9 Sep 2003 13:47:02 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To the moderator: I am not subscribed to full-disclosure myself, but
I would like this reply to be approved since it addresses questions
directed towards the company I work for. Thanks.
- --

Hello nd,
I am pleased that you found inline egg a really nice piece of code
and I am sure Gerardo Richarte, its author, will like knowing that.

As for the circumstances, we (myself included) have been talking
publicly about automating pentesting and building exploit code
automatically and on the fly using helper libraries for several
years. Our first presentation on the topic was at BlackHat Briefings
2001 in Las Vegas, 6 months prior to the release of CORE IMPACT, which
implements since v1.0 many of the features we discussed, including
LibEgg, which is a superset of InlineEgg. Check out
http://www.blackhat.com/presentations/bh-usa-01/IvanAcre/bh-usa-01-Ivan-Arce.ppt

We released IMPACT v1.0 in March 2002. We further developed the
original ideas presented at BH 2001 Las Vegas and subsequently
presented at:

SANS IOWargames in September 2001
http://www1.corest.com/common/showdoc.php?idx=167&idxseccion=13&idxmenu=32

CanSecWest 2002 in May 2002
http://www1.corest.com/common/showdoc.php?idx=226&idxseccion=13&idxmenu=32

BlackHat Briefings 2002 Las Vegas in July 2002
http://www1.corest.com/common/showdoc.php?idx=167&idxseccion=13&idxmenu=32

G-Con ONE in Mexico in December 2002
http://www1.corest.com/common/showdoc.php?idx=359&idxseccion=13&idxmenu=32
http://www.g-con.org/speakers/Automated_Pen_Testing/Pres2.ppt
(slide 21 specifically mentions InlineEgg and some samples using it)

BlackHat Briefings 2003 Las Vegas in July this year.
http://www1.corest.com/common/showdoc.php?idx=360&idxseccion=13&idxmenu=32

All of them touched on technologies and techniques used for attack
and penetration and included in or being researched for IMPACT. So I
hope this clarifies the 'funnyness' you point out about our release.
We've been working on all these things for years, InlineEgg is just a
small part of our work and we figured it is a useful piece of code
for the pentester and security researcher so we released it to the
public.

I am pleased to see that you are interested in our company
financials, competitive landscape and product strategy but the simple
truth is that, as many other publicly available tools, InlineEgg can
both provide some benefits to the infosec community and benefit from
its contributions as well, and it is in that spirit that we released
it.

- -ivan

- --
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce () coresecurity com
www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
 

- ----- Original Message ----- 
From: "ned" <nd () felinemenace org>
Newsgroups: core.lists.full-disclosure
To: <full-disclosure () lists netsys com>
Sent: Friday, September 05, 2003 3:22 AM
Subject: [Full-disclosure] Re: InlineEgg library release


i find this release funny, not because it isn't a really nice piece
of code, but because of the circumstances surrounding it.
check this out:
http://www.blackhat.com/html/bh-federal-03/bh-federal-03-speakers.html#David%20Aitel
dave aitel will give a talk on his software MOSDEF, which as i
understand it is a python c compiler with some other pretty neat
features.
so what?
immunitysec (which dave aitel started) has a product CANVAS
(www.immunitysec.com/CANVAS) which is a python exploit suite for
testing networks. MOSDEF will be a part of CANVAS when completed, and
will also be GPL'd so that everyone else can use it. on the other
hand we have CORE, with their product IMPACT (everyone loves the big
caps names don't they?) which again, is a python exploit toolkit
thing as well. however, dave aitel has been talking about MOSDEF for
months now, and all of a sudden a copy of inlineegg pops up which
offers the same functionality as MOSDEF (i spose).

why would CORE do this? are IMPACT sales down (ie, symantec hasn't
renewed their licenses) or do they feel threatened by the publicity
MOSDEF & CANVAS will be receiving at blackhat?

-- 
http://felinemenace.org/~nd



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP14EAiB7544q0fZaEQIDCgCaA0fD4BLH/FKxCXwvsziksfOQ9WcAoO81
BCOAHb1Z6nP/tPMWYZ4z54uX
=n0Oy
-----END PGP SIGNATURE-----
