Slashdot Mirror
Metasploit Hacking Tool To Get Services-Based Model
ancientribe writes "Metasploit hacking tool creator HD Moore told Dark Reading that the open-source hacking tool soon will come with back-end services-based features aimed at offloading resource-intensive penetration testing tasks. This is a departure for the software-oriented Metasploit, and Moore and company just may be on to something: it turns out commercial penetration testing tool vendors are looking at adding services-based versions of their software. Immunity Inc. will do so this year, and Core Security Technologies is considering doing so as well."
Its about belief, some folks won't trust the model to simulate the production environment. Even if you make the VM or Ghost image right off of the real hardware, and put it onto another machine of the same model with the same specs, someone in the chain of command or legal will want to know if you tested the real thing.
And if it goes far enough, say after a data breach, leave it to a lawyer in court to ask if you on the stand, if tested the live system or some rigged demo designed to fool the auditors.