Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Core Impact

from [David Eduardo Acosta Rodríguez] Network Security [Permanent Link]
Subject: Re: Core Impact
Date: Tue, 21 Jun 2005 17:30:12 -0500 
Hi:

In the new "automated exploitation area", you can use other tools and
finally you can have your own opinion...now, you can "exploit" the found
vulnerabilities... in Nessus, ISS Internet Scanner, Symantec NetRecon and
GFI LanGuard you only can test the vulnerabilities with few (or none)
possibilities of attack and compromise. Below, I show some tools:

Immunity's CANVAS  http://www.immunitysec.com/ <- Commercial tool write in
Python
Exploitation Framework
http://www.securityforest.com/wiki/index.php/Exploitation_Framework <-
OpenSource tool with "massive amount of exploits available"
MetaSploit http://www.metasploit.com/ <-OpenSource tool - with Web GUI
ATK http://www.computec.ch/projekte/atk/main.html <-OpenSource tool write in
VB for Windows

For Core Impact, I think that it is a good tool but it has certain
limitations...the number of exploits... if you can use an exploit, you need
"port/rewrite" the code in the Core´s "standard"...the good thing in this
tool is the capacity of "pivot" the compromised host and to use it as
platform of attack against internal hosts...

I think that  this tools must be used jointly with a clear metodology
(OSSTMM). A good automatic exploit framework must be 1) platform independent
2) good exploit collection 3) a intutive GUI 4) you can add new exploits
without rewrite the code 5) OpenSource and 6) good reporting tools.

Cordial saludo,

         Ing. David E. Acosta R.
      Security Consultant - CISSP
       Internet Solutions Colombia
  "The Information Security Experts"
http://www.internet-solutions.com.co
 david.acosta@internet-solutions.com.co
       Phone (movil):(300)2089961
 Phone (office):(091)3120910 ext 17

CONFIDENCIAL. La información contenida en este e-mail y cualquier archivo
anexo es confidencial y sólo puede ser utilizada por el individuo o la
compañía a la cual está dirigido. Si no es usted el destinatario
autorizado, cualquier retención, difusión, distribución o copia de este
mensaje está prohibida y es sancionada por la ley. Si por error recibe este
mensaje, le ofrecemos disculpas y le agradecemos reenviar el mensaje al
emisor original y eliminarlo de su inbox inmediatamente.

----- Original Message ----- 
From: "Security Professional" <redteamer@gmail.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, June 21, 2005 7:02 AM
Subject: Core Impact


Hey folks.  I was just wondering if anyone out there has tried the
Core Impact product, or even better, purchased it and currently uses
it.  If so, would you be so kind as to send me a quick down and dirty
of how you feel about this product?  I am in the process of looking at
it and before I move any further, I would like to have the community's
thoughts on this Company and their product.  Any comments would be
appreciated.

P.S. - Don't feel you have to post them publicly.  Just send them
directly to me, unless you feel it is something everyone will benefit
from.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: CEH training, Michael Mooney
Next by Date:  RE: Core Impact, Andre Protas
Previous by Thread:  RE: Core Impact, boxerb
Next by Thread:  Re: Core Impact, paul dansing
Indexes:  [Date] [Thread] [Top] [All Lists]