lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 5 May 2008 12:24:01 -0500
From: "Nate McFeters" <nate.mcfeters@...il.com>
To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: HD Moore

More importantly than any of this is how great it is for vulnerability
research.  Makes it much easier to encode shell code, etc.  Plus the
msfpescan features are bad assery.  Of course, n3td3v has no ideas what
these features are for so he thinks it's a script kiddy tool.

Andrew, you're so predictably boring... is there not something you have
expertise on that you can talk about?

Obviously you're not in the right place on this list.

Nate


On 5/5/08, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
>
> On Sun, 04 May 2008 16:27:49 BST, n3td3v said:
> > On Fri, May 2, 2008 at 9:32 AM, Nate McFeters <nate.mcfeters@...il.com>
> wrote:
> > > Oh that... Yeah, shame on hd... Maybe he was busy updating metasploit
> > > so that real researchers have a great vulnerability development
> > > framework, or something else that provided some worth to people.
> >
> > Maybe he was busy updating Metasploit so that script kids have a great
> > vulnerability development framework.
> >
> > He should stop providing them with a great vulnerability development
> framework.
>
> There's 2 really great uses for metasploit for white hat security guys:
>
> 1) When you're handed a /16 or two during a pen test, and need a quick way
> to poke a whole bunch of machines for a vulnerability, it's hard to
> roll-your-own
> exploit tester as fast as you can chinese-menu one in metasploit.
>
> 2) It's a *great* tool for impressing on a PHB just how easy it is to
> launch
> an exploit for something at one of the unsecured systems he's responsible
> for.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists