lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <001901c5c372$b3831ed0$1214dd80@corp.emc.com>
Date: Tue Sep 27 15:49:56 2005
From: exibar at thelair.com (Exibar)
Subject: CORE-Impact license bypass


>----- Original Message ----- 
>From: "Marc Maiffret" <mmaiffret@...e.com>
>To: "Exibar" <exibar@...lair.com>; "c0ntex" <c0ntexb@...il.com>; "Josh
Perrymon" <perrymonj@...workarmor.com>;
<full->d>isclosure@...ts.grok.org.uk>
>Sent: Monday, September 26, 2005 4:49 PM
>Subject: RE: [Full-disclosure] CORE-Impact license bypass
>

><snip>
>>   As far as automated tools go, bah, manually exploiting the
>> holes is certainly the way to go.  But, the automated tools
>> usually produce nice pretty reports that you can show the
>> client.  They just LOOOOOVVVVVEEEEEE pretty reports with many
>> bright colors and such for the good stuff and dark "hacker
>> like" colors for the bad stuff :-)
>>
>>   Exibar
><snip>
>
>I'm playing devils advocate so its not that I completely disagree but I
>think for the average consultant (99% of consultants) using an automated
>solution like Core/Canvas is going to do far more for them.

Hiya Marc!
       I completely agree.  I actually like both methods, using an automated
tool like Retina, Nessus, Foundstone, etc to find the vulns and the
weaknesses, then using an individual exploit to try and penetrate that hole.
Canvas / Core also have a very good use as well.  They are quick, easy to
use, and produce those nice reports that the clients like to see, so they
get used as well.
      I didn't mean to imply that the consultants create their own exploits,
not many I know could even begin to do that, only a couple are talented
enough to do just that.  Even for those very few, it's just not feasable
from a time perspective.  Much quick and cost effective to use what's out
there.

  Exibar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ