Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Core Impact

from [Daniel Miessler] Network Security [Permanent Link]
Subject: Re: Core Impact
Date: Thu, 23 Jun 2005 23:40:06 -0400 

On Jun 21, 2005, at 12:27 PM, securityfocus@benmansour.net wrote:

You might also want to look at the following open source project :

Metasploit
http://www.metasploit.com/
"The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code."

Except for the GUI, it offers comparable functionality and a broad choice of exploits.

Actually, while I think Metasploit is an impressive framework and use it often, it lacks a main feature that IMPACT has. Namely, IMPACT is able to do something they call "pivoting". This allows a tester to select an exploit in the GUI, launch it, and then upload the IMPACT agent to the newly compromised system.

From there, you now have the same GUI from which you can re-scan and exploit from that vantage point; rinse and repeat. In my view, this is what sets this tool apart from the others.

Of course, this isn't a replacement for a truly skilled pentester in complex situations, but when the network is full of three year old vulnerabilities and you're trying to make a point to a client's management, it's quite effective.

--
Daniel R. Miessler
M: daniel@dmiessler.com
W: http://dmiessler.com
G: 0x316BC712




Attachment: PGP.sig
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: CEH training, Tim Singletary
Next by Date:  Re: how to exploit SQL INJECTION?, Dave Korn
Previous by Thread:  Re: Core Impact, securityfocus
Next by Thread:  Re: Core Impact, Daniele Milan
Indexes:  [Date] [Thread] [Top] [All Lists]