oleDB,

     Again, my statement has nothing to do with White Hat vs. Black Hat.  It has to do with those developing the tools and discovering the exploits vs. those who simply know how to run the exploits via the tools provided.  I don't see a disagreement between my statement, Kev's and anybody elses.  We are talking about two different classifications of people.  Kev is talking about Black Hat vs. White Hat, I'm talking about those who discover exploits and create tools vs. someone who simply knows how to use a previously developed tool with an exploit created and discovered by someone else.  In my opinion, the creator of Metasploit would have more technical knowledge than a person who simply knows how to run Metasploit commands.  Would you guys disagree with that? 

Dan

Kev and Others,


     My comment about the underground had nothing to do with Black Hat vs. White Hat.  The point I was trying to get across was that the people who discover the vulnerabilities and write tools to run the applicable exploits have more knowledge than those that simply learn how to run the tools.  These engineers are not necessarily part of the CISSP, CEH, etc. cert process.  Metasploit is a good example.  Ethical Hackers are taught how to launch exploits with that tool, but that doesn't require as much knowledge as discovering the vulnerability in the first place and creating the tool to take advantage of it.  The typical Corporate Security guy isn't discovering new vulnerabilities and writing his own exploits.  He is garnering the knowledge of others and applying that knowledge.  That was my point.

Thoughts?

Dan