Re: [fw-wiz] VA vs PT tool
From: Ivan Arce (ivan.arce_at_corest.com)
Date: 06/20/03
- Previous message: R. DuFresne: "[fw-wiz] RE: websiite log transfers from exposed to internal nets:"
- In reply to: Gregory Austin: "Re: [fw-wiz] VA vs PT tool"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Gregory Austin <greg@austinconsulting.com>
Date: Thu, 19 Jun 2003 21:30:55 -0300
I could not resist and jumped in...
OK, so I work for the company that sells CORE IMPACT but I will
try to keep this as objective as possible. However, my opinions are not
unbiased.
CORE IMPACT does exactly what you ask for, it ships with real
exploits (developed in-house, NOT a collection of publicly available
proof of concept code hacked together from mailing lists and archives), that
actually compromise systems and install agents on them by exploiting their
vulnerabilities, the user can then take advantage of the deployed agents to
elevate privileges in compromised hosts or penetrate further into the target
network, the substantial and troublesome part of any penetration test.
The infosecurity magazine review of the product is not especially good,
but most of the shortcomings pointed out in the article stem from its
network mapping and os fingerprinting capabilities.
That is certainly a necessary part of any PT and the product covers it
lightly according to infosecmag. But the real strengths and its uniqueness
are more apparent with the exploitation, attack and privilege escalation and
reporting and cleanup capabilities.
-ivan
---
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@coresecurity.com
www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A

Gregory Austin wrote:
> Simon,
>
> You may want to take a look at the latest Information Security
> magazine (June). There is an article about a product called CORE IMPACT
> that purports to do what you're looking for. I personally have no
> experience with the product, and it didn't get an especially good review
> from the magazine, but if you're interested you can find the article
> on-line at:
>
> http://www.infosecuritymag.com/2003/jun/testcenter.shtml
>
> Greg
>
>> However, a VA tool is limited, in that it only stops at the
>> vulnerability.
>>
>> I'm looking at a Pen Test tool that not only does the VA functionality
>> but also exploit the vulnerability thus
>> defining it as a real THREAT and not just a vulnerability.
>>
>> Is there a widely accepted tool on the market right now ?
>
> ==============================
> Greg is, among other things, a moron.
> Anything he has said above is solely his
> own opinion, not that of his employer.
> ==============================
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards