[Dailydave] Defending the honor of...penetration testing tools

antisnatchor antisnatchor at gmail.com
Tue Feb 12 13:18:25 EST 2013


The problem IMHO is lots of people out there still believe in security
by obscurity.
Translated for this specific case, they think if Metasploit for instance
was never born, there would have been less pwnage in the world.

There are too many examples that this statement is obviously wrong.

Many times the only way to "wake up" sleeping vendors, lazy with
patching, is exactly creating a tool that automates attacks and pwnage.

You can't imagine how many attacks in BeEF are not working anymore
(sigh) because vendors silently patched the bug after we wrote or
ported an exploit to BeEF.

Cheers
antisnatchor
> ------------------------------------------------------------------------
>
> 	Dave Aitel <mailto:dave at immunityinc.com>
> February 12, 2013 5:50 PM
>
>
> So as you can see below, I'll be at RSA asking Andrew Jaquith why on
> earth he thinks penetration testing tools are evil. To be honest, I
> have no idea. Does that also imply penetration testing is evil, or is
> he saying that penetration testing tools make people lazy and therefore
> you get better penetration tests without them, in which case I'll try
> to get him to write his future papers without a keyboard or something.
>
> Speaking of penetration testing tools - Immunity is hiring CANVAS
> developers here in Miami Beach. If you want to work on CANVAS and you
> speak both assembly language and Python and have a passion for
> building awesome tools that let people break into systems (some of
> which we make public!), then send me an email.
>
> We're also hiring an experienced Django web developer.
>
> You do also have to be legal to work here in Miami or Washington DC
> for these positions.
>
> -dave
>
>
> https://ae.rsaconference.com/US13/connect/sessionDetail.ww?SESSION_ID=3297&tclass=popup#.URp4m2gUwM0.twitter
>
> MASH-T16 - Debate: Internet GUN CONTROL - Are Pentesting Tools Good or
> Evil?
>
> Moderator(s): 
> Pete Lindstrom - Principal, Spire Security 
> <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=430145EACD4EBC80B7251A1E5A519F1E&tclass=popup>
>
> Panelist(s): 
> Dave Aitel - Chief Executive Officer, Immunity, Inc. 
> <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=66B255D131FD603BCBE896DDEB1F0617&tclass=popup>
> Andrew Jaquith - Chief Technology Officer, Perimeter E-Security 
> <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=7A07665968A7B2320DCA9BF860462864&tclass=popup>
>
> From SATAN in the 90's to Metasploit today, penetration testing tools
> have been common in the arsenal of information security professionals.
> These tools allow any user to assess the vulnerable state of their IT
> platforms. Some say that they are useful while others assert they are
> detrimental for the overall health of the Internet. Come hear the
> debate and weigh in with your own opinions.
>
>
> -- 
> INFILTRATE - the world's best offensive information security conference.
> April 2013 in Miami Beach
> www.infiltratecon.com
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave