Open Source and information security mailing list archives
 
Date: Thu, 9 Aug 2007 21:24:22 -0300
From: "Hernan Ochoa" <hernan@...il.com>
To: "H D Moore" <fdlist@...italoffense.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: BH/DC: Tactical Exploitation Materials

Hi HD!

On 8/9/07, H D Moore <fdlist@...italoffense.net> wrote:
>
> At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk
> entitled "Tactical Exploitation". This talk introduced a tactical
> approach to penetration testing that does not rely on exploiting known
> vulnerabilities.



I really like all the techniques mentioned in your white paper, and I also
enjoy reading stuff like this because it reminds people that penetration
testing is not only about using exploits (in the sense of "let's run a
script that tries to exploit a specific vulnerability and see what happens,
oh, didn't work!, I'm finished, done!"), so congrats for that. The only
thing I would argue is the concept that your paper is actually 'INTRODUCING
a tactical approach to penetration testing'; 'Revisiting' would be much more
accurate in my opinion. I don't think your approach is new. Having said
that, I do think, like I said, that your paper comes at the right time
because the proliferation of 'exploitation frameworks' and their (commonly)
direct association with 'penetration testing' can mislead people to believe
that penetration testing is only that. So congrats again :).


Thanks!,
Bye!






