Penetration Testing mailing list archives

RE: testing laptop based on bsd anyone


From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 9 Mar 2006 23:57:44 -0800

Terry,

I wasn't speaking about the relative strengths of security measures within
an OS as a yardstick to determining viability as a pen-test platform. I was
observing that, given BSD's focus on secure code, it's strange that there
aren't more BSD-native tools available. There's a certain allure to BSD's
security focus for a pen-test platform. However, most of the better known
tools out there have multiple rpm/deb/portage (read: Linux) packages but very
few also have BSD ports available, which reduces BSD users to compiling
from source. With BSD's different lib and directory structures this can be a
pain to deal with at times. The lack of BSD-centric pen-test tools is
probably a combination of smaller mindshare/marketshare and the inherent
differences from Linux.

Having cut my teeth on OpenBSD back in the day I was hoping someone would
chime in with some suggestions on BSD distros tailored for pen-testing.
Someone mentioned Frenzy which I'll have to check out.

Plus I was trying to stop the helpful (but not list-relevant) suggestions on
how Robin could fix his wifi drivers. There are better resources out there for
that kind of support and I didn't want to clutter the list with such a
tangent. :)


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 


-----Original Message-----
From: Terry Vernon [mailto:tvernon24 () comcast net] 
Sent: Thursday, March 09, 2006 5:38 PM
To: 'Erin Carroll'; 'Robin Wood'
Cc: Woods_Beau () dkmc org; pen-test () securityfocus com
Subject: RE: testing laptop based on bsd anyone

I don't think security measures within a system have an after 
effect on compiled auditing tools. This makes the decision 
about which OS to use more specific to your hardware being 
detected without too much hassle and choice of tools based on 
platform.

-Terry

-----Original Message-----
From: Erin Carroll [mailto:amoeba () amoebazone com]
Sent: Thursday, March 09, 2006 6:00 PM
To: Robin Wood
Cc: Woods_Beau () dkmc org; pen-test () securityfocus com
Subject: Re: testing laptop based on bsd anyone


I still haven't seen anyone really address what I thought was the most
interesting aspect of what Robin was asking by implication: BSD-based
pen-testing systems vs Linux-based. One would think that with BSD's focus
on secure code and computing practices that it would be ideal for a
pen-test and security-centric launchpad... but I've seen very few
BSD-based distros or packages that weren't ports of Linux apps. Are there
things BSD is capable of doing due to system design that Linux can't (or do
as easily) and vice-versa?

Personally I don't have an operating system preference as I'll use
whatever the best OS (tool) I need for the job at hand. That being said, I
have run into cases where if something doesn't exist in the BSD ports
packages, getting a tool installed and compiled from source can be a
nightmare. YMMV





On Wed, 8 Mar 2006, Robin Wood wrote:

I had some time on my hands so just went for it and installed FreeBSD 6.
The base system starts up ok so now I've got to start loading all the tools
on it. I've left plenty of drive space so I can dual boot windows and linux
if needs be so everything should be catered for.

Off to get wifi working...

Robin


On 3/8/06, Woods_Beau () dkmc org < Woods_Beau () dkmc org> wrote:


Check out FreeSBIE -- They have a nice little live CD that boots BSD.
They also have a live CD creator, so you can get BSD going the way you want
it on your hard drive, then turn that custom distro into a live CD. That
could come in handy if you want to run Windows or something else and don't
want to dual boot.

 -----
 Beau Woods
 Information Security Analyst
 DeKalb Medical Center
 (404)501-3825
 beau_woods () dkmc org






From: "Robin Wood" <dninja () gmail com>
Date: 03/07/2006 05:23 PM
To: pen-test () securityfocus com
Subject: testing laptop based on bsd anyone

Hi
I'm having problems with wireless pen-tests due to the linux drivers
for my wireless card and someone suggested trying one of the BSDs.
Does anyone here use BSD as a base system for pen-testing from? I was
going to go with FreeBSD as I have a little knowledge of it already.
Any tips, tricks or gotchas?

 Thanks

 Robin



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------











