Security Basics mailing list archives

Fwd: Re: Forensics Tools?


From: Security Enthusiast <z3ros3c () gmail com>
Date: Mon, 19 Apr 2010 23:36:35 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm forwarding the conversation between Mr. Mooz and myself, so that my
fellow Security Enthusiasts might understand the reason behind BT4's
decision not to auto-start networking or auto-mount drives.

In a word, subtlety. :-)

Thanks, Mr. Mooz.

-------- Original Message --------
Subject: Re: Forensics Tools?
Date: Mon, 19 Apr 2010 23:19:53 -0400
From: Adam Mooz <adam.mooz () gmail com>
To: Security Enthusiast <z3ros3c () gmail com>

To enable networking all you do is issue:
/etc/init.d/networking start
or maybe even:
networking start (haven't tried this method though, too used to using the
/etc/init.d/ method to start/stop services)
and it will autoprobe all possible network devices and start them.  If
you don't like this behaviour you can easily change it just like you can
for any linux distro.  In fact I'm sure there are threads on the BT
forums about how to undo the changes made in BT4 so networking auto
starts (taking a look into what the networking script is doing would be
a good start if there isn't.)  Some other suggestions, without going too
far out of scope for this mailing list: sticking the pertinent info in
/etc/networking/ or /etc/conf.d/networking (or wherever BT puts that
file) and modifying /etc/rc to un-blacklist the networking modules.  Not
guaranteeing this will work but hey...it's a starting point.
Endeavouring to build your own pentest suite is a noble cause indeed,
but you're re-inventing the wheel and will probably end up with
something very similar to BT in the end - why not simply start with BT
and move up?  Don't forget there is also Helix 3, which I believe is
still free, and Helix CE, which are useful, but aimed more at
forensics/post-attack gathering.  (Most of the tools included there are
also in BT.)  Don't forget - for some of these tools you may have to
patch your kernel, create the config files, and generate scripts to update
to the latest versions (unless you do this by hand, which isn't all that
good.)

For those on the list not familiar with BT, networking doesn't come up
on start for a good reason in a pentest suite: DHCP causes a lot of
noise; what good is a pentest distro if it starts tripping alarms or
leaving fingerprints on boot? :)

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-19, at 11:07 PM, Security Enthusiast wrote:

I've got a couple issues with the latest BackTrack release. For example,
(and I know this is intentional, but it puts a thorn in my side) the
only enabled network device is lo, by default. I don't remember how to
enable eth0 or wlan0 to use the system's network capabilities. What good
is a pen-test distro when I've got no clue how to use it for networking?

Granted, this is a fault on my part, not on the part of BT4, but it's a
fault I didn't have to deal with in BT3.

I kind of want to design my own personalized hacking/forensics kit.

However... I do love me some BackTrack... Do you know where I might
learn how to configure eth0 and wlan0? If I could get that working, I
might consider reinstalling BT4 on my netbook.

~SE

On 04/19/2010 06:38 PM, Adam Mooz wrote:
Hello SE,

Backtrack is gaining traction all over the world as being the security distro of choice, exactly what it was
designed to be.  I would use that as your base install and customize it from there.  As it's based on Debian, enable
whatever other repos you need to pull in any tools you find Backtrack lacking.  While you're at it, submit those
tools to the Backtrack team for consideration for inclusion in the next iteration, and compile others from
source or SVN.

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-16, at 7:34 PM, Security Enthusiast wrote:

Hello everyone! I'm putting together a custom computer, set up specifically for forensics and security analysis.
It's Linux-based.

I'd like to know what tools you'd advise using. I've seen a few (some are included on the latest backtrack distro) 
but I'd like to know what are considered the industry standard.

Thanks for your input!

~SE

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJLzSFDAAoJEKzDvVdJPE292IgIAJwSsY4uveKnIYbtieTYvNHe
sodMgT2vzgqORexx4l9lXNWamZlMgKvPPZk4grTTlpNMQfE8E5GecGsHWMJHVrv3
UNbDzPSlZh7Ek0anXqrwJA/OyNYtD+M76sdbvwCEgit6ZDPJnRk65YvcAqK6Qisl
VVQUXE9YJdKa7sJOk/1MG4LWqED4xIsQrVb2tP3dSie1SGDwfDuOFh4n7i7tmPqq
hW4crt64CKUiRaIlecvlnPY9WdTEAwFI/eymoGToZpXxbx481GRTGbYnzXUbzzbO
BsO6zL1Aph7CX5G1foKEFjg4G+imTDxMYhwOyvuXHby72PEOiRb2PHxPfL2W3j8=
=m1Xx
-----END PGP SIGNATURE-----
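The point Mooz makes above is that a pentest box should not announce itself on the wire the moment it boots, and that the fix for BT4's "only lo is up" default is to bring the interface up yourself. The script below is an added example for this thread, not a BackTrack script and not something either poster wrote: it brings an interface up with a static address using iproute2 instead of running a DHCP client, turns off IPv6 autoconfiguration first so the kernel does not send router solicitations on link-up, and refuses to run if dhclient or dhcpcd is already active. The interface name, addresses, and the presence of `ip`, `sysctl`, and `pgrep` on the box are assumptions; DRY_RUN=1 prints the commands instead of executing them, which is also what lets it be tested without root.

```shell
#!/bin/sh
# quiet_up.sh: bring a network interface up without DHCP broadcasts or IPv6
# router solicitations, for a live pentest/forensics box that ships with
# networking disabled on boot (as BackTrack 4 does).
#
# Added example; not part of BackTrack. Assumes iproute2 ("ip"), sysctl and
# pgrep are installed and that the kernel exposes disable_ipv6 per interface.
#
# Usage: ./quiet_up.sh IFACE ADDR/PREFIX [GATEWAY]
#        DRY_RUN=1 ./quiet_up.sh eth0 192.168.1.50/24 192.168.1.1   (print only)
# Without DRY_RUN=1 it must run as root on a host that has IFACE.

DRY_RUN="${DRY_RUN:-0}"

# run: execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_cidr ADDR/PREFIX: accept only a dotted-quad IPv4 address with a
# numeric /0-/32 prefix. Returns 0 when valid, 1 otherwise.
valid_cidr() {
    addr="${1%/*}"
    prefix="${1#*/}"
    [ "$addr" != "$1" ] || return 1           # no '/' present at all
    case "$prefix" in
        ''|*[!0-9]*) return 1 ;;              # empty or non-numeric prefix
    esac
    [ "$prefix" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.
    set -- $addr                              # split into octets
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# dhcp_client_running: true if a DHCP client is active. A running client
# would overwrite the static configuration and start broadcasting again,
# so quiet_up refuses to proceed. Skipped in dry-run mode.
dhcp_client_running() {
    [ "$DRY_RUN" = "1" ] && return 1
    pgrep -x dhclient >/dev/null 2>&1 || pgrep -x dhcpcd >/dev/null 2>&1
}

# quiet_up IFACE ADDR/PREFIX [GATEWAY]
# Returns 0 on success, 2 on bad input, 3 if a DHCP client is running.
quiet_up() {
    iface="$1"; cidr="$2"; gw="${3:-}"
    [ -n "$iface" ] && valid_cidr "$cidr" || return 2
    if dhcp_client_running; then
        echo "refusing: a DHCP client is running; stop it first" >&2
        return 3
    fi
    # Disable IPv6 before the link comes up, otherwise the kernel sends
    # router solicitations and neighbour discovery as soon as it is up.
    run sysctl -w "net.ipv6.conf.$iface.disable_ipv6=1"
    run ip link set dev "$iface" up
    run ip addr flush dev "$iface"            # drop any leftover addresses
    run ip addr add "$cidr" dev "$iface"      # static address, no DHCP
    if [ -n "$gw" ]; then
        run ip route add default via "$gw" dev "$iface"
    fi
    return 0
}

# Only act when invoked with arguments, so the file can also be sourced.
if [ $# -gt 0 ]; then
    quiet_up "$@"
fi
```

Bringing the link up still emits a gratuitous ARP for the address you assign and answers ARP requests, so "quiet" here means no DHCP discover and no IPv6 solicitation, not silence; if you need to listen without any transmission at all, leave the interface without an address and use it in monitor or promiscuous mode instead.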


