[Full-disclosure] BH/DC: Tactical Exploitation Materials
hernan at gmail.com
Fri Aug 10 01:24:22 BST 2007
On 8/9/07, H D Moore <fdlist at digitaloffense.net> wrote:
> At Black Hat 2007 and Defcon 15, Valsmith and I gave a talk
> entitled "Tactical Exploitation". This talk introduced a tactical
> approach to penetration testing that does not rely on exploiting known
I really like all the techniques mentioned on your white paper and I also
stuff like this because it reminds people that penetration testing is not
only about using exploits (in
the sense of ''let's run a script that tries to exploit a specific
vulnerability and see what happens, oh, didnt work!, i'm finish, done!"), so
congrats for that. The only thing I would argue is the concept that your
paper is actually 'INTRODUCING a tactical
approach to penetration testing', 'Revisiting' would be much more accurate
in my opinion. I don't think your
approach is new. Having said that, I do think, like I said, that your paper
comes at the right time because the proliferation
of 'explotation frameworks' and their (commonly) direct association with
'penetration testing' can mislead people to
believe that penetration testing is only that. So congrats again :).
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.