[blibble]

what controls do you have to ensure consent from the target site?

[bko]

In the video demo they showed requiring a TXT in the DNS to confirm you have consent

[blibble]

so they'll point it a domain they control, then reverse proxy it onto their target?

[Sohcahtoa82]

And in the process, reveal their own IP address rather than MindFort's.

[blibble]

by theirs, you mean, the IP of a IoT device/router they've hacked

[icedchai]

What do you propose they do instead?

[blibble]

not offer automated targeted hacking as a service?

even the booters market themselves as as "legitimate stress testing tools for enterprise"

[chatmasta]

How about the would-be victims don’t ship exploitable software to production? If that’s not possible, then maybe they should signup for an automated targeted hacking service to find the exploitable bugs before someone else does.

Your argument is straight out of the 1990s. We’ve moved beyond this as an industry, as you can see from the proliferation of bug bounty programs, responsible disclosure policies, CVE transparency, etc…

[Sohcahtoa82]

> not offer automated targeted hacking as a service?

MindFort is not the first and won't be the last. There are plenty of DAST tools offered as a SaaS that are the same thing.

[bveiseh]

Yup as mentioned, we do the TXT verification of the domain. We also don't offer self service sign up, so we are able to screen customers ahead of time and regularly monitor for any bad behavior.