[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] CORE-Impact license bypass

reports, what are they? Managers, I have seen them on TV.

On 26/09/05, Exibar <exibar@xxxxxxxxxxx> wrote:
>
> >----- Original Message -----
> >From: "c0ntex" <c0ntexb@xxxxxxxxx>
> >To: "Josh Perrymon" <perrymonj@xxxxxxxxxxxxxxxx>;
> <full-disclosure@xxxxxxxxxxxxxxxxx>
> >Sent: Monday, September 26, 2005 3:36 PM
> >Subject: Re: [Full-disclosure] CORE-Impact license bypass
> >
>
> >CORE is a good product for what it does. Just as NMAP is and just like
> >Nessus is, though relying on them is probably not a good idea for an
> >audit. I rather do all pentesting by hand, nothing can compete against
> >that and I can't think of a time where I have ever used either Nessus
> >or CORE in an audit.
> >
> >Never used CANVAS. I don't care for Automated exploit tools but
> >someone had CORE and I  fancied a play as the CORE team are a pretty
> >interesting bunch of guys.
>
>
>  I fancied a play once too... but she slapped me when I started to play with
> her in the hallway :-)
>
>   anyway....  Wouldn't you want to run Nessus on a network you're conducting
> a pentest on to get a general overview of what vulnerabilities it finds?
> Sure beats guessing or hoping that server-suchandsuch isn't patched.
>
>   As far as automated tools go, bah, manually exploiting the holes is
> certainly the way to go.  But, the automated tools usually produce nice
> pretty reports that you can show the client.  They just LOOOOOVVVVVEEEEEE
> pretty reports with many bright colors and such for the good stuff and dark
> "hacker like" colors for the bad stuff :-)
>
>   Exibar
>
>
>


--

regards
c0ntex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/