Newbie Hacker Tools

[Edmond Chow <echow () videotron ca>]

Hello all,

My name is Ed and I run a technology consulting company.  I have begun
offering computer security audits to my clients and, as I am not experienced
in hacking, have been subcontracting this work out.

The written reports that I have received back from the hackers leave much to
be desired!  Not knowing too much about intrusion detection but realizing
that when almost nothing is found wrong (from a security viewpoint) with a
client's network, I am in big trouble!  Either the hacker does not have the
experience to find any problems or there really are not any problems.

On my first few audit assignments, I was barely able to break even as I had
to hire two independent hackers for each  i.e., a second hacker had to be
hired to give me an independent assessment of the network.  I then cut and
pasted the two reports into a final "acceptable" one.

I am at a crossroads where I can either give up on the security audits or
learn to do them myself.  I have chosen the latter and was hoping to get
some help from experts like you.  I realize that I will have a steep hill to
climb but I feel confident that I can learn enough to be much more
proficient that the hackers that I am currently paying.

I'm really confused about what tools I need in my "toolkit" for
Windows-related audits.  I've heard a lot about Nessus as a freeware program
but am confused when I go on the nessus.org site and see that it might not
be free.  Other programs I've heard of include nmap, SAINT, Newt.

And, perhaps, there are tools out there (either free or not) that would
provide me with an "audit in a box?"  I'm guessing that the pros have a
select few tools of the trade that they use.  You've listed a bunch of tools
on your site as well.  I realize that ethical hacking is an art and that no
two hackers will use exactly the same tools but I am hoping to learn to use
the tools they most often use.

Thanks for any help that you can shed on this subject.

Regards,


Ed