Is metasploit an offensive security tool?
-
-
Replying to @taviso @uncl3dumby and
Metasploit in aggregation is an Offensive Security Tool. The exploits contained within are not Offensive Security Tools.
2 replies 0 retweets 3 likes -
Replying to @anthomsec @QW5kcmV3 and
"OSTs do not involve a software flaw"pic.twitter.com/7Rf3cBE4UT
1 reply 0 retweets 3 likes -
Replying to @detective_6 @taviso and
They do not involve a bug. There's a nuanced discussion about whether or not a configuration that results in a vulnerability is on the table. As far as I have defined OSTs, they are not dependent on a bug in software. Those would be exploits. OSTs do not require exploits.
3 replies 1 retweet 3 likes -
Replying to @anthomsec @QW5kcmV3 and
I think especially in this context software flaw is a much broader term than a software bug... maybe that’s nit picky but this is an incredibly interesting point I’m thinking through
1 reply 0 retweets 2 likes -
Replying to @uncl3dumby @detective_6 and
These are the kinds of real conversations I'm interested in. I offered a first best shot at the Offensive Security Tool definition, and I've since modified it with feedback. The idea is there's no patch that nullifies the utility of the OST. This distinction is key.
1 reply 0 retweets 1 like -
Replying to @anthomsec @QW5kcmV3 and
Sorry, but it's just no different from trying to differentiate lockpicks and tools from lock vulnerabilities at the Great Exhibition. You can debate it if you want, but I'm not interested!
3 replies 0 retweets 9 likes -
Replying to @taviso @uncl3dumby and
Thanks for the feedback. I'm sorry you feel that way. That said I respect your departure from the conversation. That said, I don't think your work will be impacted in any way.
1 reply 0 retweets 1 like -
-
Replying to @taviso @uncl3dumby and
Multiple people have already decided to not publish to the open internet, and so that's all victories in the path to a better model. Thanks again for the quick thread. If you take nothing else away, OSTs are not dependent on a software bug, which is your focus.
3 replies 0 retweets 3 likes
I think security tools will survive, as they have after every previous debate. Maybe I don't understand security tools (?) and this is the one, so good luck with that.
-
-
Replying to @taviso @uncl3dumby and
As I mentioned, I appreciate your feedback. OSTs are not dependent on a bug. Some percentage of people will always do whatever they want to do. This is security; there's no absolutes, and there's no finish line. Only winning, losing, and lost. Thanks again for the dialogue.
1 reply 0 retweets 1 like -
Replying to @anthomsec @QW5kcmV3 and
I should start leaving shivs all over every city I visit and see what happens when my lawyers cite infosec Twitter. I'm sure I'll go fine. (Narrator: it won't.)
1 reply 0 retweets 1 like - 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
