RE: Why eEye Retina (was MBSA scanner)

From: Bojan Zdrnja (Bojan.Zdrnja_at_LSS.hr)
Date: 04/22/04

  • Next message: Matt Wagenknecht: "Re: MBSA scanner" 
    To: <pen-test@securityfocus.com>
Date: Thu, 22 Apr 2004 12:48:34 +1200

     

    > -----Original Message-----
    > From: Steve [mailto:zen6696@zen.co.uk]
    > Sent: Thursday, 22 April 2004 6:27 a.m.
    > To: pen-test@securityfocus.com
    > Subject: RE: Why eEye Retina (was MBSA scanner)
    >
    > I have had a similar experience with Retina, If you have authenticated
    > to the target system then you do get a different set of results than if
    > you have not authenticated. I have never used their tech support so I

    Well, that is quite logical and expected, isn't it?
    If you have domain administrator (or other) privileges on the remote
    machine, it's obvious that you will be able to check additional things.
    Almost every scanner will behave like that.

    Also, be cautios as this might give you false positives, meaning that you
    might detect things that are not exploitable without prior gaining
    administrator privileges, after which everything falls down anyway.

    Bojan Zdrnja
    CISSP

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------

  • Next message: Matt Wagenknecht: "Re: MBSA scanner"

    Relevant Pages

    • RE: Cisco CSA
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Any reason not to use strcpy, strcat or scanf?
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: New Trojan?
      ... > Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Wireless access
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... pen testing experience in our state of the art hacking lab. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: antivirus for linux
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)