[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] CORE-Impact license bypass

To: Bernhard Mueller <research@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] CORE-Impact license bypass
From: Andrew Simmons <asimmons@xxxxxxxxxxxxxxx>
Date: Tue, 27 Sep 2005 18:04:47 +0100

Bernhard Mueller wrote:

Exibar wrote:
     I didn't mean to imply that the consultants create their own exploits,
not many I know could even begin to do that, only a couple are talented
enough to do just that.  Even for those very few, it's just not feasable
from a time perspective.  Much quick and cost effective to use what's out
there.
so what use is a pentest if the consultant isn't even talented enough to find / create exploits for unknown vulnerabilities? any average admin can install and run an automatic security scanner. furthermore, a common nessus report contains 99% useless garbage.

A good pentester will not just hand over a Nessus (or ItsStillShit, CANVAS,..) report. The results of a Nessus scan (as with Nmap, firewalk, document grinding, google searches, *plus* the results of all the manual scouting about that's done) are data that need to be analysed and placed in context by the pentester.

A pentester who hands over nothing but an automated report, isn't. A pentester who doesn't bother using Nessus is either extraordinarily good, has a very small target, or is perhaps doing something slightly different.

It's important to draw a distinction between an attempt to find *any* way into the target network / plant a flag file / get root on the target system, or whatever, versus an attempt to find as many ways onto the target as possible in the time.

Many pentest customers think they want the latter, but get the former.

Some people would call this a "vulnerability assessment" rather than a pentest. I guess it depends whether you're joesbaitshop.com or the USAAF Strategic Air Command (nuclear strike group), who were one of the first orgs to use pentest / tiger team methods.

\a

--
Andrew Simmons
Technical Security Consultant
MessageLabs

______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] CORE-Impact license bypass
  - From: Marc Maiffret
- Re: [Full-disclosure] CORE-Impact license bypass
  - From: Exibar
- Re: [Full-disclosure] CORE-Impact license bypass
  - From: Bernhard Mueller

Prev by Date: Re: [Full-disclosure] Third issue of the Zone-H Comics
Next by Date: RE: [Full-disclosure] Third issue of the Zone-H Comics
Previous by thread: Re: [Full-disclosure] CORE-Impact license bypass
Next by thread: Re: [Full-disclosure] CORE-Impact license bypass
Index(es):
- Date
- Thread