Say you're doing a pentest, and your target has an IDS/IPS to both prevent infiltration and exfiltration of data. And while you discover a system that is vulnerable, the payload that you want to deploy to this vulnerable system would normally trigger an alert by an IDS. With some of the tools in MSF and BackTrack, you can use an encoding process to obfuscate the payload enough to get past the IDS/IPS.
Now a blackhat would be able to do this without BT or Metasploit. The tools are out there, and well known. So the fact that these tools are in BT and Metasploit doesn't change that. But it does make it easier for a pentester to prove a system is vulnerable, and to help a company address their vulnerabilities through remediation.
Now a blackhat would be able to do this without BT or Metasploit. The tools are out there, and well known. So the fact that these tools are in BT and Metasploit doesn't change that. But it does make it easier for a pentester to prove a system is vulnerable, and to help a company address their vulnerabilities through remediation.