| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Sep 26 21:06:35 2005 From: exibar at thelair.com (Exibar) Subject: CORE-Impact license bypass >----- Original Message ----- >From: "c0ntex" <c0ntexb@...il.com> >To: "Josh Perrymon" <perrymonj@...workarmor.com>; <full-disclosure@...ts.grok.org.uk> >Sent: Monday, September 26, 2005 3:36 PM >Subject: Re: [Full-disclosure] CORE-Impact license bypass > >CORE is a good product for what it does. Just as NMAP is and just like >Nessus is, though relying on them is probably not a good idea for an >audit. I rather do all pentesting by hand, nothing can compete against >that and I can't think of a time where I have ever used either Nessus >or CORE in an audit. > >Never used CANVAS. I don't care for Automated exploit tools but >someone had CORE and I fancied a play as the CORE team are a pretty >interesting bunch of guys. I fancied a play once too... but she slapped me when I started to play with her in the hallway :-) anyway.... Wouldn't you want to run Nessus on a network you're conducting a pentest on to get a general overview of what vulnerabilities it finds? Sure beats guessing or hoping that server-suchandsuch isn't patched. As far as automated tools go, bah, manually exploiting the holes is certainly the way to go. But, the automated tools usually produce nice pretty reports that you can show the client. They just LOOOOOVVVVVEEEEEE pretty reports with many bright colors and such for the good stuff and dark "hacker like" colors for the bad stuff :-) Exibar
Powered by blists - more mailing lists