[Dailydave] Defending the honor of...penetration testing tools

Mohammad Hosein mhtajik at gmail.com
Tue Feb 12 16:56:17 EST 2013 

"they think if Metasploit for instance was never born,
there would have been less pwnage in the world."

list knows i never stop missing Christopher , so , without further ado i
want to put an assertion here . they say "arguably" their point is
logically valid . logic being we are a Hamiltonian closed system where the
total kinetic energy of offense is just equal to the sum of our mosdef
nodes . with a sober mind , one would even calculate how much a healthy
mosdef node can actually do harm in an assumed n-degree space system with
defined objects and specific values . to make the conversation
understandable for people of different native mother languages , i am not
going to ignore the philosophical platform where and when such engineering
is happening , it sounds silly first but you get used to it . therefore we
can simply save time and presume a smart one of these guys comes right
after each update of each tool , and assigns precisely how much of
potential damage ( in some metrics like Joule , Ton , Watt ) just added to
the system . we are told by many people in many centuries written on many
books that evil thoughts make harm or eventually result in harm therefore
the thoughts themselves even if they dont get implemented into a mosdef - a
potential harm -  in Delta t , still , add to the total kinetic energy of
offense and whether the thoughts or the resulting mosdefs are rotating or
angular because they finally move , by that , i mean dave's business .

still ignoring the philosophic platform , which is "the" issue and still ,
ironically enough , we can argue our way out . How ? even within the
constraint of the conversation in terms and agreements , their idea is
Stupid ( offense intended ) . they got to make the system either absolute
zero evil thought , or there must be good mosdefs AND evil mosdefs . or
maybe they are Ok with Classic mechanics with a finger up Newton's butt ass
the forth rule ?

i suggest no addition of advanced math and physics , any kind of societal
dialog or even honor the conversation more than what it is , by adding
variety of philosophic thoughts giving insane complex angels to the topic .
that actually might be evil itself considering you are spending electrics
based on offshore oil and nuclear reactors with hazard waste that ages more
than us ;)

@ Dave : any PR is still PR . see how smooth i turned meterpreter into
mosdef ? paypal me what you honestly think the work deserve and consider i
am not legal to work in U.S or be dealt with from within U.S :>
wasnt it more fun if you got yourself a spot to talk about the RSA's
bullshit story with the Iranian Cyber Police , their "talk" , and finally
entertaining restrictions on that organization as a whole due to its
involvement in aggregating monster SYN floods to Citibank ? :D


M.



On Tue, Feb 12, 2013 at 9:48 PM, antisnatchor <antisnatchor at gmail.com>wrote:

> The problem IMHO is lots of people out there still believe in security by
> obscurity.
> Translated for this specific case, they think if Metasploit for instance
> was never born,
> there would have been less pwnage in the world.
>
> There are too many examples this statement is obviously wrong.
>
> Many times the only way to "wake up" sleeping vendors, lazy with patching,
> is exactly
> creating a tool that automates attacks and pwnage.
>
> You can't imagine how many attacks in BeEF are not working anymore (sigh)
> because
> vendors silently patched the bug after we wrote or ported an exploit to
> BeEF.
>
> Cheers
> antisnatchor
>
> ------------------------------
>
>  Dave Aitel <dave at immunityinc.com>
> February 12, 2013 5:50 PM
>
> So as you can see below, I'll be at RSA asking Andrew Jaquith why on earth
> he thinks penetration testing tools are evil. To be honest, I have no idea.
> Does that also imply penetration testing is evil, or is he saying that
> penetration testing tools make people lazy and therefor you get better
> penetration tests without them, in which case I'll try to get him to write
> his future papers without a keyboard or something.
>
> Speaking of penetration testing tools - Immunity is hiring CANVAS
> developers here in Miami Beach. If you want to work on CANVAS and you speak
> both assembly language and Python and have a passion for building awesome
> tools that let people break into systems (some of which we make public!),
> then send me an email.
>
> We're also hiring an experienced Django web developer.
>
> You do also have to be legal to work here in Miami or Washington DC for
> these positions.
>
> -dave
>
>
>
> https://ae.rsaconference.com/US13/connect/sessionDetail.ww?SESSION_ID=3297&tclass=popup#.URp4m2gUwM0.twitter
>
>  MASH-T16 - Debate: Internet GUN CONTROL - Are Pentesting Tools Good or
> Evil?
>
> Moderator(s):
> Pete Lindstrom - Principal, Spire Security <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=430145EACD4EBC80B7251A1E5A519F1E&tclass=popup>
>
> Panelist(s):
> Dave Aitel - Chief Executive Officer, Immunity, Inc. <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=66B255D131FD603BCBE896DDEB1F0617&tclass=popup>
> Andrew Jaquith - Chief Technology Officer, Perimeter E-Security <https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=7A07665968A7B2320DCA9BF860462864&tclass=popup>
>
> From SATAN in the 90's to Metasploit today, penetration testing tools have
> been common in the arsenal of information security professionals. These
> tools allow any user to assess the vulnerable state of their IT platforms.
> Some say that they are useful while others assert they are detrimental for
> the overall health of the Internet. Come hear the debate and weigh in with
> your own opinions.
>
> --
> INFILTRATE - the world's best offensive information security conference.
> April 2013 in Miami Beach
> www.infiltratecon.com
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130213/2a2c67a1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compose-unknown-contact.jpg
Type: image/jpeg
Size: 770 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20130213/2a2c67a1/attachment.jpg>

More information about the Dailydave mailing list