Full Disclosure mailing list archives
Re: CORE-Impact license bypass
From: fd () ew nsci us
Date: Tue, 27 Sep 2005 18:13:37 -0700 (PDT)
On Tue, 27 Sep 2005, Bernhard Mueller wrote:
Exibar wrote:I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasable from a time perspective. Much quick and cost effective to use what's out there.so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. and most of the time, you can not apply generic exploits like these from metasploit to a specific customer situation.
It should also be noted that many security flaws in Customer networks are in design and therefore implementation. The real issue comes down to client-side security. Most pentests are are trivial after an attack from Eve, even if the first person she emails in the organization sees through it ... X-From: Eve From: Bob Hi Alice! Can you get me a quote for the parts we need in the attached spreadsheet? Thank you! -Bob <<Attachment:parts.xls.exe>> --Eric _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: CORE-Impact license bypass, (continued)
- RE: CORE-Impact license bypass Marc Maiffret (Sep 26)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 27)
- Re: CORE-Impact license bypass Martin Mkrtchian (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 27)
- Re: CORE-Impact license bypass Andrew Simmons (Sep 27)
- Re: CORE-Impact license bypass Valdis . Kletnieks (Sep 27)
- Re: CORE-Impact license bypass Bernhard Mueller (Sep 28)
- Re: CORE-Impact license bypass sk (Sep 28)
- Re: exploit frameworks Dave Aitel (Sep 30)
- Re: CORE-Impact license bypass Exibar (Sep 27)
- RE: CORE-Impact license bypass Marc Maiffret (Sep 26)
- Re: CORE-Impact license bypass fd (Sep 27)
- Re: CORE-Impact license bypass c0ntex (Sep 26)