Home page logo
/

dailydave logo Dailydave mailing list archives

Re: On Phillippe Courtot's RSAC Keynote
From: Marc Maiffret <marc () marcmaiffret com>
Date: Tue, 25 Mar 2014 14:58:25 -0700

Attackers and exploitation tools are false negative heavy. Not all
exploits have the same reliability as to not produce false negatives.
This could be as simple as an IT person using a default Metasploit
exploit which simply did not succeed because their AV had signatures
for it or another older exploit requiring Java as a dependency to
bypass ASLR vs. an exploit toolkit that does not.

Obviously there is an important place in security for exploitation
tools (and more so people who know how to use them) but not sure using
false negative prone tools to clean up false positives is it.

-Marc

On Tue, Mar 25, 2014 at 11:24 AM, Dave Aitel <dave () immunityinc com> wrote:
<snip>
I think one
problem is of course that continuous external scanning is false positive
heavy. Attackers have no false positives - they either got inside the
network or they didn't. It's a hole in Qualys's strategy that Rapid7
definitely saw - to integrate exploitation into scanning.
<snip>
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]