lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Sep 28 02:37:54 2005
From: fd at ew.nsci.us (fd@...nsci.us)
Subject: CORE-Impact license bypass

On Tue, 27 Sep 2005, Bernhard Mueller wrote:

> Exibar wrote:
> >       I didn't mean to imply that the consultants create their own exploits,
> > not many I know could even begin to do that, only a couple are talented
> > enough to do just that.  Even for those very few, it's just not feasable
> > from a time perspective.  Much quick and cost effective to use what's out
> > there.
> > 
> 
> so what use is a pentest if the consultant isn't even talented enough to
> find / create exploits for unknown vulnerabilities?
> any average admin can install and run an automatic security scanner.
> furthermore, a common nessus report contains 99% useless garbage. and
> most of the time, you can not apply generic exploits like these from
> metasploit to a specific customer situation.

It should also be noted that many security flaws in Customer networks are
in design and therefore implementation.  The real issue comes down to
client-side security.  Most pentests are are trivial after an attack from
Eve, even if the first person she emails in the organization sees through
it ...


X-From: Eve
From: Bob

Hi Alice!  

Can you get me a quote for the parts we need in the attached spreadsheet?

Thank you!

-Bob

<<Attachment:parts.xls.exe>>


--Eric

Powered by blists - more mailing lists