@ozurie This argument cycles back around every few weeks, but unlike birdsite, here actually seems to be conducive to conversations :D

With that being said, Bad guys are going to bad guy. They were doing it before Cult of the Dead Cow released Back Orifice, and will continue long after we're all dead and gone.

As a blue teamer, I don't have the tools or time to learn everything about red teaming to be an effective adversary for myself and the things I build. I also don't work for an org with a large enough budget to bring in full time red team staff to pound on my security controls all day.

But, Metasploit is a super easy way for me to implement a control and them hammer against it with little to no additional knowledge.

It goes back to the guns argument. Are guns bad? No, at best they are amoral. But are they dangerous? Absolutely.
I'd prefer to have them than to not have them any day of the week. Same with #metasploit #cobaltStrike etm,

Happy to hear any rebuttal and to work out what a better option is for this kind of security assurance testing.

#infosec #security #redteam #threatactor #securityassurance #securitytools