<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000">The problem IMHO is lots
of people out there still believe in security by obscurity.<br>
Translated for this specific case, they think if Metasploit for instance
was never born,<br>
there would have been less pwnage in the world.<br>
<br>
There are too many examples this statement is obviously wrong.<br>
<br>
Many times the only way to "wake up" sleeping vendors, lazy with
patching, is exactly<br>
creating a tool that automates attacks and pwnage.<br>
<br>
You can't imagine how many attacks in BeEF are not working anymore
(sigh) because<br>
vendors silently patched the bug after we wrote or ported an exploit to
BeEF.<br>
<br>
Cheers<br>
antisnatchor<br>
<blockquote style="border: 0px none;"
cite="mid:511A80D2.3020600@immunityinc.com" type="cite">
<div style="margin-left:40px"><hr style="border:none 0;border-top:1px
dotted #B5B5B5;height:1px;margin:0;" class="__pbConvHr"><br></div>
<table style="padding-top: 5px;" class="__pbConvTable">
<tbody><tr><td style="padding-top:4px;" valign="top"><img
src="cid:part1.01080002.08080101@gmail.com"
photoaddress="dave@immunityinc.com" photoname="Dave Aitel"
name="compose-unknown-contact.jpg" height="25px" width="25px"></td><td
style="padding-left:5px;" valign="top"><a moz-do-not-send="true"
href="mailto:dave@immunityinc.com" style="color:#2057EF
!important;text-decoration:none !important;">Dave Aitel</a><br><font
color="#888888">February 12, 2013 5:50 PM</font></td></tr></tbody>
</table>
<div style="color:#888888;margin-left:35px;" __pbrmquotes="true"
class="__pbConvBody"><br>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
So as you can see below, I'll be at RSA asking Andrew Jaquith why on
earth he thinks penetration testing tools are evil. To be honest, I
have no idea. Does that also imply penetration testing is evil, or
is he saying that penetration testing tools make people lazy and
therefor you get better penetration tests without them, in which
case I'll try to get him to write his future papers without a
keyboard or something.<br>
<br>
Speaking of penetration testing tools - Immunity is hiring CANVAS
developers here in Miami Beach. If you want to work on CANVAS and
you speak both assembly language and Python and have a passion for
building awesome tools that let people break into systems (some of
which we make public!), then send me an email.<br>
<br>
We're also hiring an experienced Django web developer. <br>
<br>
You do also have to be legal to work here in Miami or Washington DC
for these positions. <br>
<br>
-dave<br>
<br>
<br>
<a moz-do-not-send="true"
href="https://ae.rsaconference.com/US13/connect/sessionDetail.ww?SESSION_ID=3297&tclass=popup#.URp4m2gUwM0.twitter">https://ae.rsaconference.com/US13/connect/sessionDetail.ww?SESSION_ID=3297&tclass=popup#.URp4m2gUwM0.twitter</a><br>
<br>
<meta charset="utf-8">
<div style="font-family: Arial, Verdana,
sans-serif; margin-bottom: 5px; color: rgb(153, 153, 153);
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height: normal;
orphans: 2; text-align: left; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;"
class="addthis_toolbox addthis_default_style
addthis_16x16_style">MASH-T16
- Debate: Internet GUN CONTROL - Are Pentesting Tools Good or
Evil?</div>
<fieldset style="font-family: Arial, Verdana, sans-serif; padding:
0px;
border: none; border-top-left-radius: 5px;
border-top-right-radius: 5px; border-bottom-right-radius: 5px;
border-bottom-left-radius: 5px; margin: 0px; clear: both; color:
rgb(153, 153, 153); font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-align: left; text-indent:
0px; text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px;" class="detailsWidget special"
id="speakers"><br style="font-family: Arial,
Verdana, sans-serif;">
Moderator(s): <br style="font-family: Arial, Verdana, sans-serif;">
<a moz-do-not-send="true" style="font-family: Arial,
Verdana, sans-serif; text-decoration: initial; color: rgb(85,
119, 187);" class="speakerProfile" id="5515"
href="https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=430145EACD4EBC80B7251A1E5A519F1E&tclass=popup">Pete
Lindstrom - Principal, Spire Security </a><br style="font-family:
Arial, Verdana, sans-serif;">
<br style="font-family: Arial, Verdana, sans-serif;">
Panelist(s): <br style="font-family: Arial, Verdana, sans-serif;">
<a moz-do-not-send="true" style="font-family: Arial,
Verdana, sans-serif; text-decoration: initial; color: rgb(85,
119, 187);" class="speakerProfile" id="2265"
href="https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=66B255D131FD603BCBE896DDEB1F0617&tclass=popup">Dave
Aitel - Chief Executive Officer, Immunity, Inc. </a><br
style="font-family: Arial, Verdana, sans-serif;">
<a moz-do-not-send="true" style="font-family: Arial,
Verdana, sans-serif; text-decoration: initial; color: rgb(85,
119, 187);" class="speakerProfile" id="3593"
href="https://ae.rsaconference.com/US13/connect/speakerDetail.ww?PERSON_ID=7A07665968A7B2320DCA9BF860462864&tclass=popup">Andrew
Jaquith - Chief Technology Officer, Perimeter
E-Security </a><br style="font-family: Arial, Verdana,
sans-serif;">
</fieldset>
<fieldset style="font-family: Arial,
Verdana, sans-serif; padding: 0px; border: none;
border-top-left-radius: 5px; border-top-right-radius: 5px;
border-bottom-right-radius: 5px; border-bottom-left-radius: 5px;
margin: 0px; clear: both; color: rgb(153, 153, 153); font-size:
12px; font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;"
class="special" id="abstract">
<p style="font-family: Arial, Verdana, sans-serif;">From SATAN in
the 90's to Metasploit today, penetration testing tools have
been common in the arsenal of information security
professionals. These tools allow any user to assess the
vulnerable state of their IT platforms. Some say that they are
useful while others assert they are detrimental for the overall
health of the Internet. Come hear the debate and weigh in with
your own opinions.</p>
</fieldset>
<br>
<div>-- <br>INFILTRATE - the world's best offensive information
security conference.<br>April 2013 in Miami Beach<br><a
moz-do-not-send="true" href="http://www.infiltratecon.com"
class="moz-txt-link-abbreviated">www.infiltratecon.com</a><br></div>
<div>_______________________________________________<br>Dailydave
mailing list<br><a class="moz-txt-link-abbreviated" href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br><a class="moz-txt-link-freetext" href="https://lists.immunityinc.com/mailman/listinfo/dailydave">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br></div></div>
</blockquote>
</body></html>