Attackers and exploitation tools are false negative heavy. Not all exploits have the same reliability as to not produce false negatives. This could be as simple as an IT person using a default Metasploit exploit which simply did not succeed because their AV had signatures for it or another older exploit requiring Java as a dependency to bypass ASLR vs. an exploit toolkit that does not.
Obviously there is an important place in security for exploitation tools (and more so people who know how to use them) but not sure using false negative prone tools to clean up false positives is it. -Marc On Tue, Mar 25, 2014 at 11:24 AM, Dave Aitel <[email protected]> wrote: <snip> > I think one > problem is of course that continuous external scanning is false positive > heavy. Attackers have no false positives - they either got inside the > network or they didn't. It's a hole in Qualys's strategy that Rapid7 > definitely saw - to integrate exploitation into scanning. <snip> _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
