Re: BH/DC: Tactical Exploitation Materials

["Hernan Ochoa" <hernan () gmail com>]

Hi HD!

On 8/9/07, H D Moore <fdlist () digitaloffense net> wrote:
> At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk
> entitled "Tactical Exploitation". This talk introduced a tactical
> approach to penetration testing that does not rely on exploiting known
> vulnerabilities.



I really like all the techniques mentioned on your white paper and I also
enjoy reading
stuff like this because it reminds people that penetration testing is not
only about using exploits (in
the sense of ''let's run a script that tries to exploit a specific
vulnerability and see what happens, oh, didnt work!, i'm finish, done!"), so
congrats for that. The only thing I would argue is the concept that your
paper is actually 'INTRODUCING a tactical
approach to penetration testing',  'Revisiting' would be much more accurate
in my opinion. I don't think your
approach is new. Having said that, I do think, like I said, that your paper
comes at the right time because the proliferation
of 'explotation frameworks' and their (commonly) direct association with
'penetration testing' can  mislead people to
believe that penetration testing is only that. So congrats again :).


Thanks!,
Bye!







>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/