| Subject: | Re: [Full-disclosure] CORE-Impact license bypass |
|---|---|
| Date: | Tue, 27 Sep 2005 18:13:37 -0700 (PDT) |
On Tue, 27 Sep 2005, Bernhard Mueller wrote:
> Exibar wrote:
>> I didn't mean to imply that the consultants create their own exploits, not many I know could even begin to do that, only a couple are talented enough to do just that. Even for those very few, it's just not feasible from a time perspective. Much quicker and cost effective to use what's out there.
>
> so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage. and most of the time, you can not apply generic exploits like these from metasploit to a specific customer situation.

It should also be noted that many security flaws in Customer networks are in design and therefore implementation. The real issue comes down to client-side security. Most pentests are trivial after an attack from Eve, even if the first person she emails in the organization sees through it ...

    X-From: Eve
    From: Bob

    Hi Alice!

    Can you get me a quote for the parts we need in the attached spreadsheet?

    Thank you!
    -Bob

    <<Attachment:parts.xls.exe>>

--Eric

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
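
A mail-gateway check for the kind of message sketched in the post above, as an added example that is not part of the original post: it flags an attachment whose final extension is executable behind a decoy document extension, and a From domain that differs from the envelope sender. The addresses, the extension lists and the use of Return-Path to stand in for the post's X-From line are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Extensions Windows runs directly, and document types commonly used as decoys.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".xls", ".doc", ".pdf", ".txt", ".jpg", ".zip"}

# Constructed sample modelled on the message in the post; all addresses are made up.
SAMPLE = (
    "Return-Path: <eve@attacker.example>\r\n"
    "From: Bob <bob@corp.example>\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Hi Alice! Can you get me a quote for the parts in the attached spreadsheet?\r\n"
    "--b1\r\n"
    "Content-Type: application/octet-stream\r\n"
    'Content-Disposition: attachment; filename="parts.xls.exe"\r\n'
    "\r\n"
    "TVo=\r\n"
    "--b1--\r\n"
)

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def findings(raw):
    """Return a list of reasons to quarantine the message (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = []
    # Assumption: Return-Path stands in for the post's "X-From" (the real sender).
    env, hdr = domain(msg["Return-Path"]), domain(msg["From"])
    if env and hdr and env != hdr:
        out.append(f"sender-mismatch:{env}!={hdr}")
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them before checking.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        pieces = name.split(".")
        last = "." + pieces[-1] if len(pieces) > 1 else ""
        prev = "." + pieces[-2] if len(pieces) > 2 else ""
        if last in EXECUTABLE:
            out.append(("double-extension:" if prev in DECOY else "executable:") + name)
    return out
```
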