Other alternative commercial solution CORE Impact available on http://www.coresecurity.com/products/coreimpact/index.php, you can watch a flash demo on site if you want
Xavier POLI -------------------------------------- Director R&D - http://www.infratech.fr Webmaster - http://www.secuobs.com ---------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evgeny Demidov Sent: mercredi 28 avril 2004 11:27 To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] no more public exploits Hello, >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >nicolas vigier wrote: > >| On Tue, 27 Apr 2004, Dave Aitel wrote: >| >|> Well, if it's that much of an issue, you can always buy your >|> exploits from a commercial source, such as Immunity >|> (http://www.immunitysec.com/CANVAS/ . We have an LSASS (one exploit >|> fits all) and a PCT exploit (ported from SP0-4), so you can show all >|> your management exactly why they should patch. And you can also feel >|> secure that the exploits you download aren't trojaned when you're >|> using something with commercial support. At $995 for a full site >|> license, including source, CANVAS is cheaper than the alternative... >| >| >| This is interesting ... This mean that anyone who have enought money >| can get the exploits they want. And if people can get theses exploits >| as easily, an admin cannot ignore them, and there is no reason to >| avoid a public release because the people who really want them for a >| bad action aldready have them (they only need money). >| >| And this program seems pretty usefull ... Does any open source >| program similar to this one aldready exists ? >| >Well, we only sell to corporations for the most part, but KPMG would >qualify. Many of KPMG's competition use it. :> > >The open-source "similar" would be Metasploit, but it doesn't have >commercial support (yet) :> Dave Aitel >Immunity, Inc. >http://www.immunitysec.com/CANVAS/ "Fun for all ages" Well, there is another commercial alternative - VulnDisco (http://www.gleg.net/index.php?sub=1&id=vulndisco). Some of the exploits already have Metasploit modules for them (modules were written at client's request). Best regards, -Evgeny Demidov _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
