Dailydave mailing list archives

Re: Immunity Certified Network Offense Professional
From: "Thomas Ptacek" <tqbf () matasano com>
Date: Sun, 13 Jul 2008 19:11:53 -0500

NB: I'm not talking because I think Dave is evil. I already knew Dave
was evil. I'm talking because this is an interesting topic.

I agree: being able to bust into enterprise applications is a great
way to ace an internal pentest. But even then, the best findings are
often not memory corruption vulnerabilities. When we talk about the
terribly insecure apps across enterprises, we should be thinking about
shell metacharacters.

Second, I see terribly insecure apps across enterprises all the time.
They're niche products or internally developed that often sit on key
systems. They usually don't have public vulns because they're internal or
niche but if you sit down with them they're generally easy enough to break.
So doing so is a reasonable way to get into a fully patched system. It also
makes you look good and reinforces security best practices like
compartmentalization, defense in depth, etc.

-- 
---
Thomas H. Ptacek // matasano security
read us on the web: http://www.matasano.com/log
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

