Exploit Repositories and Due Diligence

From: Jeff (jb@jbware.net)
Date: Thu Jun 09 2005 - 21:19:52 EDT

• Next message: Tim: "Re: SQL injection"
• Previous message: Hecber Cordova: "RE: SQL injection"
• In reply to: Hecber Cordova: "RE: SQL injection"
• Next in thread: Leandro Reox: "RE: Exploit Repositories and Due Diligence"
• Reply: Leandro Reox: "RE: Exploit Repositories and Due Diligence"
• Reply: Sahir Hidayatullah: "RE: Exploit Repositories and Due Diligence"
• Reply: Carl Tucker: "RE: Exploit Repositories and Due Diligence"
• Reply: Carl Tucker: "RE: Exploit Repositories and Due Diligence"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have a question regarding the use of exploit repositories (including
projects like Metaploit, and compliations on bootable distros like Whoppix).
With all of the large exploit repositories used to make pen testing faster
and easier, what methods do you use to ensure you've done your due diligence
in not unleashing something actually harmful on your clients? I have my own
thoughts, such as googling and superficial|deep code reviews, but ultimately
my concern is over the malcious hiding of intentions. Thanks for any
insights and suggestions.

- Jeff

• Next message: Tim: "Re: SQL injection"
• Previous message: Hecber Cordova: "RE: SQL injection"
• In reply to: Hecber Cordova: "RE: SQL injection"
• Next in thread: Leandro Reox: "RE: Exploit Repositories and Due Diligence"
• Reply: Leandro Reox: "RE: Exploit Repositories and Due Diligence"
• Reply: Sahir Hidayatullah: "RE: Exploit Repositories and Due Diligence"
• Reply: Carl Tucker: "RE: Exploit Repositories and Due Diligence"
• Reply: Carl Tucker: "RE: Exploit Repositories and Due Diligence"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:24 EDT