Penetration Testing mailing list archives
RE: testing laptop based on bsd anyone
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Thu, 9 Mar 2006 23:57:44 -0800
Terry, I wasn't speaking about the relative strengths of security measures within an OS as a yardstick to determining viability as a pen-test platform. I was observing that, given BSD's focus on secure code, it's strange that there aren't more BSD-native tools available. There's a certain allure to BSD's security focus for a pen-test platform. However, most of the better known tools out there have multiple rpm/deb/portage (read:Linux) packages but very few also have BSD ports available.. Which reduces BSD users to compiling from source. With BSD's different lib and directory structures this can be a pain to deal with at times. The lack of BSD-centric pen-test tools is probably a combination of smaller mindshare/marketshare and the inherent differences from Linux. Having cut my teeth on OpenBSD back in the day I was hoping someone would chime in with some suggestions on BSD distros tailored for pen-testing. Someone mentioned Frenzy which I'll have to check out. Plus I was trying to stop the helpful (but not list relevant) suggestions on how Robin could fix his wifi drivers. There's better resources out there for that kind of support and didn't want to clutter the list with such a tangent. :) -- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball"
-----Original Message----- From: Terry Vernon [mailto:tvernon24 () comcast net] Sent: Thursday, March 09, 2006 5:38 PM To: 'Erin Carroll'; 'Robin Wood' Cc: Woods_Beau () dkmc org; pen-test () securityfocus com Subject: RE: testing laptop based on bsd anyone I don't think security measures within a system have an after effect on compiled auditing tools. This makes the decision about which OS to use more specific to your hardware being detected without too much hassle and choice of tools based on platform. -Terry -----Original Message----- From: Erin Carroll [mailto:amoeba () amoebazone com] Sent: Thursday, March 09, 2006 6:00 PM To: Robin Wood Cc: Woods_Beau () dkmc org; pen-test () securityfocus com Subject: Re: testing laptop based on bsd anyone I still haven;t seen anyone really address what I thought was the most interesting aspect of what Robin was asking by implication: BSD-based pen-testing systems vs Linux-based. One would think that with BSD's focus on secure code and computing practices that it would be ideal for a pen-test and security-centric launchpad... but I've seen very few BSD-based distros or packages that weren't ports of Linux apps. Are there tings BSD is capable of doing due to system design that Linux can't (or do as easily) and vice-versa? Personally I don't have an operating system preference as I'll use whatever the best OS (tool) I need for the job at hand. That being said, I have run into cases where if something doesn't exist in the BSD ports packages, getting a tool installed and compiled from source can be a nightmare. YMMV On Wed, 8 Mar 2006, Robin Wood wrote:I had some time on my hands so just went for it andinstalled FreeBSD 6. Thebase system starts up ok so now I've got to start loadingall the tools onit. I've left plenty of drive space so I can dual bootwindows and linux ifneeds be so everything should be catered for. Off to get wifi working... Robin On 3/8/06, Robin Wood <dninja () gmail com> wrote:I had some time on my hands so just went for it andinstalled FreeBSD 6. The base system starts up ok so now I've got to start loading all the tools on it. I've left plenty of drive space so I can dual boot windows and linux if needs be so everything should be catered for.Off to get wifi working... Robin On 3/8/06, Woods_Beau () dkmc org < Woods_Beau () dkmc org> wrote:check out FreeSBIE -- They have a nice little live CDthat boots BSD. They also have a live CD creator, so you can get BSD going the way you want it on your hard drive, then turn that custom distro into a live CD. That could come in handy if you want to run Windows or something else and don't want to dual boot.----- Beau Woods Information Security Analyst DeKalb Medical Center (404)501-3825 beau_woods () dkmc org "Robin Wood" <dninja () gmail com> 03/07/2006 05:23 PM To pen-test () securityfocus com cc Subject testing laptop based on bsd anyone Hi I'm having problems with wireless pen-tests due to thelinux driversfor my wireless card and someone suggested trying oneof the BSDs.Does anyone here use BSD as a base system forpen-testing from? I wasgoing to go with FreeBSD as I have a little knowledgeof it already.Any tips, tricks or gotchas? Thanks Robin-------------------------------------------------------------- -------------- --This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise,you need to proactivelyprotect your applications from hackers. Cenzic has the mostcomprehensivesolutions to meet your application securitypenetration testing andvulnerability management needs. You have an option to go with amanagedservice (Cenzic ClickToSecure) or an enterprisesoftware (Cenzic Hailstorm).Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit foryou to confirm yourresults from other product. Contact us at request () cenzic com-------------------------------------------------------------- -------------- --________________________________CONFIDENTIALITY NOTICE: This e-mail, including attachments,is for thesole use of the individual(s) to whom it is addressed, andmay containconfidential and privileged information, including HIPAA protected PHI. Any unauthorized review, use, disclosure, distribution, or reproduction is prohibited. If you have received thise-mail in error,please notify the sender by reply e-mail and destroy thismessage andits attachments in its entirety.-------------------------------------------------------------- -------------- --This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need toproactivelyprotect your applications from hackers. Cenzic has the mostcomprehensivesolutions to meet your application security penetration testing and vulnerability management needs. You have an option to gowith a managedservice (Cenzic ClickToSecure) or an enterprise software (CenzicHailstorm).Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for youto confirm yourresults from other product. Contact us at request () cenzic com-------------------------------------------------------------- -------------- ---------------------------------------------------------------- -------------- -- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com -------------------------------------------------------------- -------------- -- -------------------------------------------------------------- ---------------- This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com -------------------------------------------------------------- ---------------- -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- testing laptop based on bsd anyone Robin Wood (Mar 07)
- Re: testing laptop based on bsd anyone Ivan . (Mar 08)
- Re: testing laptop based on bsd anyone Robin Wood (Mar 08)
- Message not available
- Message not available
- Re: testing laptop based on bsd anyone Robin Wood (Mar 08)
- Re: testing laptop based on bsd anyone Erin Carroll (Mar 09)
- RE: testing laptop based on bsd anyone Terry Vernon (Mar 09)
- RE: testing laptop based on bsd anyone Erin Carroll (Mar 10)
- Re: testing laptop based on bsd anyone Robin Wood (Mar 10)
- Re: testing laptop based on bsd anyone Robin Wood (Mar 10)
- Message not available
- Re: testing laptop based on bsd anyone Ivan . (Mar 08)
- Re: testing laptop based on bsd anyone Robin Wood (Mar 09)
- <Possible follow-ups>
- RE: testing laptop based on bsd anyone Strand, John (Mission Systems) (Mar 08)
- RE: testing laptop based on bsd anyone Norbert Murzsa (Mar 09)