Re: Tenable PVS on a pen test

[Ron Gula <rgula () tenable com>]

We’ve had a lot of interest in PVS from the pen tester community.

As a sniffer, you should deploy it on a span port, but that isn’t always an option.

If you can deploy it on a heavily visited system, you can run it there. The PVS runs fine on Sharepoint, Exchange, .etc 
and it will fingerprint and record the vulns of all systems that visit it over HTTP, SMB, .etc.

The most ideal deployment of the PVS is with cooperation from the team you are doing the audit on. I’m obviously a big 
fan of PVS’s ability to find vulns, but what is more valuable is finding targets for the pen test including enumeration 
of all web sites, active but fire-walled hosts and management ports like SSH, SNMP & Telnet.

Ron


From: Larry Petty <lspetty () gmail com<mailto:lspetty () gmail com>>
Reply-To: PaulDotCom List <pauldotcom () mail pauldotcom com<mailto:pauldotcom () mail pauldotcom com>>
Date: Monday, December 23, 2013 at 6:57 PM
To: PaulDotCom List <pauldotcom () mail pauldotcom com<mailto:pauldotcom () mail pauldotcom com>>
Subject: [Pauldotcom] Tenable PVS on a pen test


I'm a long time nessus user and love it. (I am forced to use Qualys for MSSP clients due to Tenable licensing,  but 
that's a different topic.) I recently purchased a PVS license and have been using it with great success on security 
arch reviews and internal vulnerability assessments.

I know some are using PVS on pen tests. How is this being employed without the use of a network tap or span port?  In 
my experience,  most customers won't allow these on a pen test.

If only I had a sonic screwdriver.  :)

Sent from my Nexus 7

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com