Penetration Testing mailing list archives
Re: OSCP
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 18 Nov 2008 12:32:18 -0600
On Tue, 18 Nov 2008, Michael Condon wrote:
"wHaT to0L dO I yEwS" is an understandable question, considering that "some" CEH training covers tools that honestly aren't that good, or are outdated. And if one program reports an OS detection of a router and another reports Apache/probably running on Linux, it's not legitimate empirically to report just one result. Gut feelings/experience can't be scientifically replicated. And some of the software out there that is not free/open source is really not too good either.
"wHaT to0L dO I yEwS"
It's the question I often ignore or answer with an educational rambling of "What is the purpose of you using it, what are you trying to achieve". C|EH training is what you make of it. Me, I prefer to use common system tools whenever possible, the footprint is invisible.

Instead of giving people advice on tools when I see these sorts of questions, I try my best to have them understand the scope of what they're doing. For those who've been on this list and perhaps read my ramblings, I'm all for using one's own knowledge of a system or a protocol way before I'd even recommend any specific tool. It's my view that I won't always have any specific tool, then what? I improvise all the time and I've found that I've obtained better results this way time and time again.

For me the reliance on any specific tool without checking things out on my own would be cheating the client of performing a realistic test for one, secondly I'd be cheating myself by not learning alternative measures. One would be surprised at the uses of curl, LWP, etc.

So while one may criticize EC-Council's use of a billion tools (and I've done so myself) one has to also take a look at why they'd shove ten redundant scanners down one's throat. I don't agree with it at all, I say they should also focus on a "Tai Chi" like approach as well - using the system against itself, that's just my POV.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Each player must accept the cards life deals him or her: but once they are in hand, he or she alone must decide how to play the cards in order to win the game." Voltaire

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E