Full Disclosure mailing list archives

Re: HD Moore

From: "Garrett M. Groff" <groffg () gmgdesign com>
Date: Mon, 5 May 2008 13:40:09 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

These sorts of emails, while perhaps very accurate, only encourage a
barrage of emails concerning our apparent involvement in a large
governmental conspiracy and/or our "script kiddiness." I think ignoring
such emails from netdev are in order, tempting as they are to respond to.


- ----- Original Message ----- 
From: Nate McFeters 
To: Valdis.Kletnieks () vt edu 
Cc: n3td3v ; full-disclosure () lists grok org uk 
Sent: Monday, May 05, 2008 1:24 PM
Subject: Re: [Full-disclosure] HD Moore


More importantly than any of this is how great it is for vulnerability
research.  Makes it much easier to encode shell code, etc.  Plus the
msfpescan features are bad assery.  Of course, n3td3v has no ideas what
these features are for so he thinks it's a script kiddy tool.

Andrew, you're so predictably boring... is there not something you have
expertise on that you can talk about?

Obviously you're not in the right place on this list.

Nate

 
On 5/5/08, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote: 
On Sun, 04 May 2008 16:27:49 BST, n3td3v said:

On Fri, May 2, 2008 at 9:32 AM, Nate McFeters <nate.mcfeters () gmail com>
wrote:

Oh that... Yeah, shame on hd... Maybe he was busy updating metasploit
so that real researchers have a great vulnerability development
framework, or something else that provided some worth to people.


Maybe he was busy updating Metasploit so that script kids have a great
vulnerability development framework.

He should stop providing them with a great vulnerability development
framework.


There's 2 really great uses for metasploit for white hat security guys:

1) When you're handed a /16 or two during a pen test, and need a quick way
to poke a whole bunch of machines for a vulnerability, it's hard to
roll-your-own
exploit tester as fast as you can chinese-menu one in metasploit.

2) It's a *great* tool for impressing on a PHB just how easy it is to
launch
an exploit for something at one of the unsecured systems he's responsible
for.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






- ---------------------------------------------------------------------------
- -----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014) - not licensed for commercial use: www.pgp.com

wj8DBQFIH0YySGIRT5oVahwRAnosAJ4hHPGYV1fW2rVb6BdAv8YTXqfvzgCcCLWE
46UCD/zeo++7hxpDyT2icsM=
=klVh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: HD Moore, (continued)
- - - Re: HD Moore Nate McFeters (May 05)
    - Re: HD Moore n3td3v (May 05)
    - Re: HD Moore Valdis . Kletnieks (May 05)
    - Re: HD Moore n3td3v (May 06)
    - Re: HD Moore Nate McFeters (May 05)
    - Re: HD Moore DUDE DUDERINO (May 05)
    - Re: HD Moore n3td3v (May 06)
    - HD Moore Elad Shapira (May 06)
    - Message not available
    - Re: HD Moore Elad Shapira (May 06)
    - Re: HD Moore steve menard (May 06)
    - Re: HD Moore Garrett M. Groff (May 06)