[Security Weekly] NSA Toolkit and pentesting

[Jamil Ben Alluch <jamil () autronix com>]

Hello,

Over the last week I haven't seen a discussion on this matter I wanted to
launch the debate out there, as I read more in depth about the NSA toolkit
that has been made publicly available.

As penetration testers we depend on the skills that we have acquired and
the potential use of the toolset available under our belt in order to
perform our jobs. Some of these reverse engineered projects from the "NSA
toolkit" are being presented at DEFCON XXII.

Do you think such additions to your toolbox will have an impact on your
pentesting approach and information gathering capabilities on certain
projects in comparison to what you've been able to do without?
Do you plan on using such tools, and how will you benefit from the
technology?

I'm really curious about other infosec professionals on this matter.

References:
https://www.eff.org/document/20131230-appelbaum-nsa-ant-catalog
http://www.nsaplayset.org/project-requirements
http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/

Best Regards,

*--*
*Jamil Ben Alluch, ing. jr, GCIH*
[image: Autronix] <http://www.autronix.com>
*Information Technology & Security Consulting*
jamil () autronix com
+1-819-923-3012
+1-877-564-7656 e.123
ᐧ

_______________________________________________
securityweekly mailing list
securityweekly () mail securityweekly com
http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
Main Web Site: http://pauldotcom.com