here is adriel from netragard spouting about his lame company that uses nessusd for all their testing... notice his signature has multiple emails and phone numbers because his is incapable of passing his cissp<br><br><div class="gmail_quote">
On Nov 1, 2007 9:31 AM, Adriel Desautels <<a href="mailto:adriel@netragard.com">adriel@netragard.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
We rely on manual testing for everything. Our philosophy is that<br>automation is not nearly as effective as human talent. Human talent<br>produces high quality reports.<br><br>What is the name of your company?<br><br><br>
<br>Regards,<br> Adriel T. Desautels<br> Chief Technology Officer<br> Netragard, LLC.<br> Office : 617-934-0269<br> Mobile : 617-633-3821<br> <a href="http://www.linkedin.com/pub/1/118/a45" target="_blank">
http://www.linkedin.com/pub/1/118/a45</a><br><br>---------------------------------------------------------------<br>Netragard, LLC - <a href="http://www.netragard.com" target="_blank">http://www.netragard.com</a> - "We make IT Safe"
<br>Penetration Testing, Vulnerability Assessments, Website Security<br><div class="Ih2E3d">reepex wrote:<br>> I work at a less known security company that bans use of any automated<br>> tools unless under extreme circumstances. These include times such as
<br>> when have 1000s of ip addresses all alive and running random windows<br>> versions so we use mass scans to find any unpatched machines. We<br>> strictly do not allow 'web scanners' no matter how large the size
<br>> because they are all crap and its quicker to find the bugs yourself<br>> then verify all the false positives any web app scanner creates.<br>><br>> How does your company handle these things?<br>><br>> On 10/31/07, Simon Smith <
<a href="mailto:simon@snosoft.com">simon@snosoft.com</a>> wrote:<br></div><div><div></div><div class="Wj3C7c">> Reepex,<br>> What company are you with? I'm actually interested in finding infosec<br>> companies that perform real work as opposed to doing everything
<br>> automated. Nice to hear that you're a real tester.<br>><br>> With respect to your question, doesn't msf3 have some of that<br>> functionality already built into it? Have you already hit all their
<br>> web-apps?<br>><br>> reepex wrote:<br>>>>> resulting to se in a pen test cuz you cant break any of the actual machines?<br>>>>><br>>>>> lulz<br>>>>><br>>>>> On 10/31/07, Joshua Tagnore <
<a href="mailto:joshua.tagnore@gmail.com">joshua.tagnore@gmail.com</a>> wrote:<br>>>>>> List,<br>>>>>><br>>>>>> Some time ago I remember that someone posted a PoC of a small site that
<br>>>>>> had a really nice looking flash animation that "performed a virus scan" and<br>>>>>> after the "virus scan" was finished, the user was prompted for a "Download
<br>>>>>> virus fix?" question. After that, of course, a file is sent to the user and<br>>>>>> he got infected with some malware. Right now I'm performing a penetration<br>>>>>> test, and I would like to target some of the users of the corporate LAN, so
<br>>>>>> I think this approach is the best in order to penetrate to the LAN.<br>>>>>><br>>>>>> I searched google but failed to find the URL, could someone send it to<br>>>>>> me ? Thanks!
<br>>>>>><br>>>>>> Cheers,<br>>>>>> --<br>>>>>> Joshua Tagnore<br>>>>>> _______________________________________________<br>>>>>> Full-Disclosure - We believe in it.
<br>>>>>> Charter:<br>>>>>> <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>>>>>> Hosted and sponsored by Secunia -
<a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>>>>>><br>>>>> _______________________________________________<br>>>>> Full-Disclosure - We believe in it.<br>
>>>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>>>>> Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">
http://secunia.com/</a><br>><br>>><br></div></div></blockquote></div><br>