lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43396B16.1090507@sec-consult.com>
Date: Tue Sep 27 16:56:38 2005
From: research at sec-consult.com (Bernhard Mueller)
Subject: CORE-Impact license bypass

Exibar wrote:
>       I didn't mean to imply that the consultants create their own exploits,
> not many I know could even begin to do that, only a couple are talented
> enough to do just that.  Even for those very few, it's just not feasable
> from a time perspective.  Much quick and cost effective to use what's out
> there.
> 

so what use is a pentest if the consultant isn't even talented enough to
find / create exploits for unknown vulnerabilities?
any average admin can install and run an automatic security scanner.
furthermore, a common nessus report contains 99% useless garbage. and
most of the time, you can not apply generic exploits like these from
metasploit to a specific customer situation.
in my experience, nearly all sites have some serious security flaws even
if tools like nessus say the contrary. there may be self-coded
applications or software that is not widely known or tested so they're
not found in any vulnerability database. or, if that is not the case,
you may even find new flaws in well-established software.
IMHO you can not deliver a reasonable security assessment until you have
checked everything by hand.


regards,
-- 
_____________________________________________________

~  DI (FH) Bernhard Mueller
~  IT Security Consultant

~  SEC-Consult Unternehmensberatung GmbH
~  www.sec-consult.com

~  A-1080 Wien  Blindengasse 3
~  Tel:   +43/676/840301718
~  Fax:   +43/(0)1/4090307-590
______________________________________________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ