| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ivan.arce at corest.com (Ivan Arce) Subject: Re: InlineEgg library release -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To the moderator: I am not subscribed to full-disclosure myself, but I would like this reply to be approved since it addresses questions directed towards the company I work for. Thanks. - -- Hello nd, I am pleased that you found inline egg a really nice piece of code and I am sure Gerardo Richarte, its author, will like knowing that. As for the circunstances, we (myself included) have been talking publicly about automating pentesting and building exploit code automatically and on the fly using helper libraries for several years. Our first presentation on the topic was at BlackHat Briefings 2001 in Las Vegas, 6 months prior to the release of CORE IMPACT which implemets since v1.0 many of the features we discussed, including LibEgg which is a superset of InlineEgg Check out http://www.blackhat.com/presentations/bh-usa-01/IvanAcre/bh-usa-01-Iva n-Arce.ppt We released IMPACT v1.0 on March 2002. We further developed the original ideas presentat at BH 2001 Las Vegas and subsequentelly presented at: SANS IOWargames in September 2001 http://www1.corest.com/common/showdoc.php?idx=167&idxseccion=13&idxmen u=32 CanSecWest 2002 in May 2002 http://www1.corest.com/common/showdoc.php?idx=226&idxseccion=13&idxmen u=32 BlackHat Briefings 2002 Las Vegas in July 2002 http://www1.corest.com/common/showdoc.php?idx=167&idxseccion=13&idxmen u=32 G-Con ONE in Mexico in December 2002 http://www1.corest.com/common/showdoc.php?idx=359&idxseccion=13&idxmen u=32 http://www.g-con.org/speakers/Automated_Pen_Testing/Pres2.ppt (slide 21 specifically mentions InlineEgg and some samples using it) BlackHat Briefings 2003 Las Vegas in July this year. http://www1.corest.com/common/showdoc.php?idx=360&idxseccion=13&idxmen u=32 All of them touched on technologies and techniques used for attack and penetration and included in or being researched for IMPACT. So I hope this clarifies the 'funnyness' you point out about our release. We've been working on all these things for years, InlineEgg is just a small part of our work and we figured it is a usefull piece of code for the pentester and security researcher so we released it to the public. I am pleased to see that you are interested in our company financials, competitive landscape and product strategy but the simple truth is that, as many other publicly available tools, InlineEgg can both provide some benefits to the infosec community and benefit from its contributions as well, and it is in that spirit that we released it. - -ivan - -- Ivan Arce CTO CORE SECURITY TECHNOLOGIES 46 Farnsworth Street Boston, MA 02210 Ph: 617-399-6980 Fax: 617-399-6987 ivan.arce@...esecurity.com www.coresecurity.com PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A - ----- Original Message ----- From: "ned" <nd@...inemenace.org> Newsgroups: core.lists.full-disclosure To: <full-disclosure@...ts.netsys.com> Sent: Friday, September 05, 2003 3:22 AM Subject: [Full-Disclosure] Re: InlineEgg library release > i find this release funny, not because it isn't a really nice piece > of code, but because of the circumstances surrounding it. > check this out: > http://www.blackhat.com/html/bh-federal-03/bh-federal-03-speakers.ht > ml#David%20Aitel dave aitel will give a talk on his software > MOSDEF, which as i understand it is a python c compiler with some > other pretty neet features. > so what? > immunitysec (which dave aitel started) has a product CANVAS > (www.immunitysec.com/CANVAS) which is a > python exploit suite for testing networks. MOSDEF will be a part of > CANVAS when completed, and will also be GPL'd so that everyone > else can use it. on the other hand we have CORE, with their product > IMPACT (everyone loves the big caps names dont they?) which again, > is a python exploit toolkit thing aswell. however, dave aitel has > been talking about MOSDEF for months now, and all of a sudden a > copy of inlineegg pop's up which offers the same functionability > as MOSDEF (i spose). > > why would CORE do this? are IMPACT sales down (ie, symatec hasn't > renewed their licenses) or do they feel threated by the publicity > MOSDEF & CANVAS will be receiving at blackhat? > > -- > http://felinemenace.org/~nd > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBP14EAiB7544q0fZaEQIDCgCaA0fD4BLH/FKxCXwvsziksfOQ9WcAoO81 BCOAHb1Z6nP/tPMWYZ4z54uX =n0Oy -----END PGP SIGNATURE-----
Powered by blists - more mailing lists