<div dir="ltr">Meh, same questions are always asked of pretty much any purchase, IT or not. <div><br></div><div>1. Does it do what I need it to do (give me control of the system)</div><div>2. Is it reliable (switching protocols and comm methods is a technical detail)</div>
<div>3. Does it have enough oomph (highly technical term, amount of exploits/0day/MITM/Citrix voodoo)</div><div><br></div><div>I doubt very many pentesters will be asking for the features you have described any time soon. I fear the day when pentesters start asking FLAME/STUXNET questions like "Which $hardware/$software do you have a backdoor in"</div>
</div><div class="gmail_extra"><br clear="all"><div><br>--<br>Rob Fuller | Mubix<br>Certified Checkbox Unchecker<br>Room362.com | Hak5.org</div>
<br><br><div class="gmail_quote">On Fri, Oct 25, 2013 at 1:34 PM, David Maynor <span dir="ltr">&lt;<a href="mailto:dave@erratasec.com" target="_blank">dave@erratasec.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And also "How many exploits does it have?"<br>
Not everybody is an exploit expert and someone in the chain of command will ask if your arbitrary value A is larger than competitors' arbitrary value A.<br>
<div><div class="h5"><br>
On Oct 25, 2013, at 11:54 AM, Dave Aitel &lt;<a href="mailto:dave@immunityinc.com">dave@immunityinc.com</a>&gt; wrote:<br>
<br>
> The future of penetration testing tools is coming up quickly, and all<br>
> the questions have changed on you.<br>
><br>
> For example, it used to be that you would ask:<br>
><br>
> o "How many exploits does it have?"<br>
> o "How fast can it scan a class B?"<br>
> o "Can it connect back over HTTPS?"<br>
> o "Can it bounce from host to host within the internal network?"<br>
> o "Can you automatically choose the right client side attack when people<br>
> connect to you?"<br>
> o etc<br>
><br>
> But here are some of the ones we're asking the INNUENDO dev team, which<br>
> I think are representative of the post FLAME/STUXNET world:<br>
> o "Is the local persistence store configurable between the registry and<br>
> file system or other covert data storage?"<br>
> o "Can I reconfigure the callback protocol on the fly during a file<br>
> transfer - and does this automatically happen if my HTTPS callback gets<br>
> suddenly blocked or shut down?"<br>
> o "How does it handle Citrix?"<br>
> o "Is the covert file storage automatically encrypted to C&C or is it<br>
> plaintext or what?"<br>
> o "Can I store exploit modules encrypted on the machine until the C&C<br>
> asks for them to be used?" (<a href="http://www.securelist.com/en/blog/208193781/" target="_blank">http://www.securelist.com/en/blog/208193781/</a>)<br>
> o "Does it come with the ability to do raw socket injection on Windows 8<br>
> x64?"<br>
> o "How do I write a MITM module?"<br>
><br>
> -dave<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Dailydave mailing list<br>
> <a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
> <a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
<br>
</blockquote></div><br></div>