Dailydave mailing list archives

Re: Dreaming of Summer


From: David Maynor <dave () 0dayspray com>
Date: Sun, 07 Dec 2003 00:08:20 -0500


Say a WH is contracted to do pentesting, she wanders into an environment
secured against known vulnerabilities, uses a 0day and then what does she
report? "You're still vulnerable! I got in. Here's proof. Can't tell you
how I did it: proprietary tools, trade secrets, etc etc."

I forgot to mention the NDA. I would not perform a pentest that did not
have an NDA in place not to disclose the tools and techniques I used.
There are more than just 0day to consider here. For instance, if I wrote
an autorooter for the last 4 MS remote holes, and I use that for
pentests, I don't want copies of that floating around.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

