Using The Metasploit Framework

Tools have the following downsides:
- Create a comfort zone that will be hard to break out of when learning new skills.
- Create a security risk just because they are published online for everyone to see and use.
- Create a tunnel vision effect: "If a tool cannot do it, neither can I".

While automated tools are important and can be utilised, they should remain tools to be used, not a cure-all for every problem. Treating them as a cure-all causes reliance and limits attack vectors.

In the same regard, more and more automated security tools have made their way into the public domain (e.g. NSA Release of Security Tools), which creates more possibilities for wannabe malicious actors with little to no knowledge of the industry to exact their desires or boost their egos by flaunting their endeavours.


Discipline

A distinguishing factor of the current state of the world is the constant advance of existing techniques, protocols, and systems.

  • We will never have enough time to complete the assessment. With the number of technologies in use in every single environment variation, we will not be offered the time to do a complete, comprehensive assessment. Time is money, and we are on the clock for a non-tech-savvy customer, and we need to complete the bulk of the work first: the issues with the most potential impact and highest remediation turnover.

  • Credibility can be an issue even if we make our tools or manually exploit every service. We are not competing against other industry members but rather against pre-set economic conditions and personal beliefs from the customer management level. They would not comprehend or give much importance to accolades. They just want the work done in the highest possible quantity, in the least amount of time.

  • You only have to impress yourself, not the infosec community. If we achieve the first, the latter will come naturally. Using the same example as above, many artists with an online presence stray from their original goals in pursuit of online validation. Their art becomes stale and generic to the keen eye, but to the everyday user, it contains the wanted visual elements and themes, not those their followers do not yet know they want. As security researchers or penetration testers, we must only validate vulnerabilities, not validate our ego.

