Re: Core Impact

From: David Eduardo Acosta Rodríguez (david.acostainternet-solutions.com.co)
Date: Tue Jun 21 2005 - 17:30:12 CDT


Hi:

In the new "automated exploitation area", you can use other tools and
finally you can have your own opinion... now, you can "exploit" the found
vulnerabilities... in Nessus, ISS Internet Scanner, Symantec NetRecon and
GFI LanGuard you can only test the vulnerabilities with few (or no)
possibilities of attack and compromise. Below, I show some tools:

Immunity's CANVAS http://www.immunitysec.com/ <- Commercial tool written in Python
Exploitation Framework http://www.securityforest.com/wiki/index.php/Exploitation_Framework <- OpenSource tool with "massive amount of exploits available"
MetaSploit http://www.metasploit.com/ <- OpenSource tool - with Web GUI
ATK http://www.computec.ch/projekte/atk/main.html <- OpenSource tool written in VB for Windows

For Core Impact, I think that it is a good tool but it has certain
limitations... the number of exploits... if you can use an exploit, you need
to "port/rewrite" the code in Core's "standard"... the good thing in this
tool is the capacity to "pivot" the compromised host and to use it as
a platform of attack against internal hosts...

I think that these tools must be used jointly with a clear methodology
(OSSTMM). A good automatic exploit framework must be 1) platform independent
2) good exploit collection 3) an intuitive GUI 4) you can add new exploits
without rewriting the code 5) OpenSource and 6) good reporting tools.

Kind regards,

         Ing. David E. Acosta R.
      Security Consultant - CISSP
       Internet Solutions Colombia
  "The Information Security Experts"
http://www.internet-solutions.com.co
 david.acostainternet-solutions.com.co
       Phone (mobile):(300)2089961
 Phone (office):(091)3120910 ext 17


----- Original Message -----
From: "Security Professional" <redteamergmail.com>
To: <pen-testsecurityfocus.com>
Sent: Tuesday, June 21, 2005 7:02 AM
Subject: Core Impact

Hey folks. I was just wondering if anyone out there has tried the
Core Impact product, or even better, purchased it and currently uses
it. If so, would you be so kind as to send me a quick down and dirty
of how you feel about this product? I am in the process of looking at
it and before I move any further, I would like to have the community's
thoughts on this Company and their product. Any comments would be
appreciated.

P.S. - Don't feel you have to post them publicly. Just send them
directly to me, unless you feel it is something everyone will benefit
from.