From: Carl Tucker (manuscity@hotmail.com)
Date: Tue Jun 14 2005 - 17:39:19 EDT
Jeff, you raise an interesting point, I have been growing a list of exploit
files and regularly found many of them not to deliver what they claimed. I
have been using metasploits for a while and got on ok with it, many of those
files are not correct either and having to do a hand audit can be a pain in
the ass.
I started using a pretty cool app called traffic iq from www.karalon.com a
while ago and that has got a big library in it and I havent found any
problems.
CT
>From: "Jeff" <jb@jbware.net>
>Reply-To: <jb@jbware.net>
>To: <pen-test@securityfocus.com>
>Subject: Exploit Repositories and Due Diligence
>Date: Thu, 9 Jun 2005 21:19:52 -0400
>
>I have a question regarding the use of exploit repositories (including
>projects like Metaploit, and compliations on bootable distros like
>Whoppix).
>With all of the large exploit repositories used to make pen testing faster
>and easier, what methods do you use to ensure you've done your due
>diligence
>in not unleashing something actually harmful on your clients? I have my
>own
>thoughts, such as googling and superficial|deep code reviews, but
>ultimately
>my concern is over the malcious hiding of intentions. Thanks for any
>insights and suggestions.
>
>- Jeff
>
>
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:25 EDT