I have been seeing the following banner on many posts lately: ------------------------------------------------------- Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980 ------------------------------------------------------- The company, Core Security, offers an Automated Pen-Testing Tool called Core Impact. Has anyone here used this tool, or has any thoughts based on their white paper? Any thoughts on potential legality or ethical issues (or even feasibility) of using an automated pen-testing tool at a client site? Part of their claim: "Commercial-grade exploit code. IMPACT provides the tester with a range of up-to-date, professionally developed and maintained exploits for different platforms, operating systems and applications. IMPACT exploits allow the tester to both audit for vulnerabilities and exploit the vulnerabilities to gain and retain access on the target host or application." Cheers, Glenn --------------------------------------------------------------------------- Latest attack techniques. You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. Visit us at: www.coresecurity.com/promos/sf_ept1 or call 617-399-6980 ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 12:08:08 PDT