Security Basics mailing list archives
Re: Newbie Hacker Tools
From: Vijay Vikram <karpagamekapali () gmail com>
Date: Fri, 7 Jan 2005 13:30:57 +0530
Hi All, There is a bizzare amount of tools available and white/black hats available to do the job. However for the present situation ,as Edmond puts, Nessus is the choice of the hackers and Security Admins. Ethereal and Snort, ACID are other "types" of tools to audit the holes in the system and the possible fixes for them. A good security auditor does not stick to one tool to complete his job and would have 1. Ethereal 2. Nessus / SATAN / SAINT 3. SNORT / ACID 4. Tools from ISS- SAFE suite 5. Lopht from @stake 6. Netcat - the swiss army knife 7. Strobe / Blaster Scan 8. Rootkits and Anti Rootkits 9. Sniffers / TCP wrappers 10. Tripwire toolkits 11. Zombie Zappers to avoid DDoS and etc....... [the list is endless depending on the functionality and the areas used] On Thu, 6 Jan 2005 12:18:51 -0500, bernie () e-mich com <bernie () e-mich com> wrote:
Ed, Nessus is a very powerfull tool for finding exploits in servers and networks. If you have any specific questions feel free to ask me. I have used Nessus for an few years now and find it to be my tool of choice and it is also the tool of choice for many crackers and script kiddies looking to break into to things or to exploit networks. There are some very good articles out there on how to use Nessus, I would first go to www.securityfocus.com and search for Nessus there. This will give you a starting to with which to being using Nessus. Once you have a basic understanding of it then give me a shout if you need some help on implementing it and using it. B. Johnson Quoting Edmond Chow <echow () videotron ca>:Hello all, My name is Ed and I run a technology consulting company. I have begun offering computer security audits to my clients and, as I am not experienced in hacking, have been subcontracting this work out. The written reports that I have received back from the hackers leave much to be desired! Not knowing too much about intrusion detection but realizing that when almost nothing is found wrong (from a security viewpoint) with a client's network, I am in big trouble! Either the hacker does not have the experience to find any problems or there really are not any problems. On my first few audit assignments, I was barely able to break even as I had to hire two independent hackers for each i.e., a second hacker had to be hired to give me an independent assessment of the network. I then cut and pasted the two reports into a final "acceptable" one. I am at a crossroads where I can either give up on the security audits or learn to do them myself. I have chosen the latter and was hoping to get some help from experts like you. I realize that I will have a steep hill to climb but I feel confident that I can learn enough to be much more proficient that the hackers that I am currently paying. I'm really confused about what tools I need in my "toolkit" for Windows-related audits. I've heard a lot about Nessus as a freeware program but am confused when I go on the nessus.org site and see that it might not be free. Other programs I've heard of include nmap, SAINT, Newt. And, perhaps, there are tools out there (either free or not) that would provide me with an "audit in a box?" I'm guessing that the pros have a select few tools of the trade that they use. You've listed a bunch of tools on your site as well. I realize that ethical hacking is an art and that no two hackers will use exactly the same tools but I am hoping to learn to use the tools they most often use. Thanks for any help that you can shed on this subject. Regards, Ed---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Current thread:
- Newbie Hacker Tools Edmond Chow (Jan 06)
- Re: Newbie Hacker Tools bernie (Jan 06)
- Re: Newbie Hacker Tools Steve Sanders (Jan 07)
- Re: Newbie Hacker Tools Vijay Vikram (Jan 07)
- RE: Newbie Hacker Tools James McGee (Jan 07)
- RE: Newbie Hacker Tools skill2die4 (Jan 07)
- Re: Newbie Hacker Tools AdMod (Jan 07)
- Re: Newbie Hacker Tools Mordread Wallas (Jan 07)
- Re: Newbie Hacker Tools Corey LeBleu (Jan 07)
- Re: Newbie Hacker Tools Yann Autissier (Jan 07)
- Re: Newbie Hacker Tools Leif Ericksen (Jan 07)
- RE: Newbie Hacker Tools Edmond Chow (Jan 07)
- Re: Newbie Hacker Tools Spigga (Jan 10)
- Re: Newbie Hacker Tools James Eaton-Lee (Jan 10)
(Thread continues...)
- Re: Newbie Hacker Tools bernie (Jan 06)