Full Disclosure mailing list archives
Re: BH/DC: Tactical Exploitation Materials
From: "Hernan Ochoa" <hernan () gmail com>
Date: Thu, 9 Aug 2007 21:24:22 -0300
Hi HD! On 8/9/07, H D Moore <fdlist () digitaloffense net> wrote:
At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk entitled "Tactical Exploitation". This talk introduced a tactical approach to penetration testing that does not rely on exploiting known vulnerabilities.
I really like all the techniques mentioned on your white paper and I also enjoy reading stuff like this because it reminds people that penetration testing is not only about using exploits (in the sense of ''let's run a script that tries to exploit a specific vulnerability and see what happens, oh, didnt work!, i'm finish, done!"), so congrats for that. The only thing I would argue is the concept that your paper is actually 'INTRODUCING a tactical approach to penetration testing', 'Revisiting' would be much more accurate in my opinion. I don't think your approach is new. Having said that, I do think, like I said, that your paper comes at the right time because the proliferation of 'explotation frameworks' and their (commonly) direct association with 'penetration testing' can mislead people to believe that penetration testing is only that. So congrats again :). Thanks!, Bye!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BH/DC: Tactical Exploitation Materials H D Moore (Aug 09)
- Re: BH/DC: Tactical Exploitation Materials Hernan Ochoa (Aug 09)
- Re: BH/DC: Tactical Exploitation Materials H D Moore (Aug 09)
- Re: BH/DC: Tactical Exploitation Materials Hernan Ochoa (Aug 09)