lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c5aec8570708091724x4688443cwff99c806fb089858@mail.gmail.com>
Date: Thu, 9 Aug 2007 21:24:22 -0300
From: "Hernan Ochoa" <hernan@...il.com>
To: "H D Moore" <fdlist@...italoffense.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: BH/DC: Tactical Exploitation Materials

Hi HD!

On 8/9/07, H D Moore <fdlist@...italoffense.net> wrote:
>
> At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk
> entitled "Tactical Exploitation". This talk introduced a tactical
> approach to penetration testing that does not rely on exploiting known
> vulnerabilities.



I really like all the techniques mentioned on your white paper and I also
enjoy reading
stuff like this because it reminds people that penetration testing is not
only about using exploits (in
the sense of ''let's run a script that tries to exploit a specific
vulnerability and see what happens, oh, didnt work!, i'm finish, done!"), so
congrats for that. The only thing I would argue is the concept that your
paper is actually 'INTRODUCING a tactical
approach to penetration testing',  'Revisiting' would be much more accurate
in my opinion. I don't think your
approach is new. Having said that, I do think, like I said, that your paper
comes at the right time because the proliferation
of 'explotation frameworks' and their (commonly) direct association with
'penetration testing' can  mislead people to
believe that penetration testing is only that. So congrats again :).


Thanks!,
Bye!







>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ