Security Basics mailing list archives
Fwd: Re: Forensics Tools?
From: Security Enthusiast <z3ros3c () gmail com>
Date: Mon, 19 Apr 2010 23:36:35 -0400
I'm forwarding the conversation between Mr. Mooz and myself, so that my fellow Security Enthusiasts might understand the reason behind BT4's decision not to auto-start networking or auto-mount drives. In a word, subtlety. :-)

Thanks, Mr. Mooz.

-------- Original Message --------
Subject: Re: Forensics Tools?
Date: Mon, 19 Apr 2010 23:19:53 -0400
From: Adam Mooz <adam.mooz () gmail com>
To: Security Enthusiast <z3ros3c () gmail com>

To enable networking all you do is issue:

    /etc/init.d/networking start

or maybe even:

    networking start

(haven't tried this method though, too used to using the /etc/init.d/ method to start/stop services) and it will autoprobe all possible network devices and start them.

If you don't like this behaviour you can easily change it just like you can for any Linux distro. In fact I'm sure there are threads on the BT forums about how to undo the changes made in BT4 so networking auto starts (taking a look into what the networking script is doing would be a good start if there isn't.) Some other suggestions, without going too far out of scope for this mailing list: sticking the pertinent info in /etc/networking/ or /etc/conf.d/networking (or wherever BT puts that file) and modifying /etc/rc to un-blacklist the networking modules. Not guaranteeing this will work but hey...it's a starting point.

Endeavouring to build your own pentest suite is a noble cause indeed, but you're re-inventing the wheel and will probably end up with something very similar to BT in the end - why not simply start with BT and move up? Don't forget there is also Helix 3 which I believe is still free and Helix CE, which are useful, but aimed more at forensics/post-attack gathering. (Most of the tools included there are also in BT.)

Don't forget - for some of these tools you may have to patch your kernel, create the config files, generate scripts to update to the latest versions (unless you do this by hand, which isn't all that good.)

For those on the list not familiar with BT, networking doesn't come up on start for a good reason in a pentest suite: DHCP causes a lot of noise, what good is a pentest distro if it starts tripping alarms or leaving fingerprints on boot :)

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-19, at 11:07 PM, Security Enthusiast wrote:

I've got a couple issues with the latest BackTrack release. For example, (and I know this is intentional, but it puts a thorn in my side) the only enabled network device is lo, by default. I don't remember how to enable eth0 or wlan0 to use the system's network capabilities. What good is a pen-test distro when I've got no clue how to use it for networking? Granted, this is a fault on my part, not on the part of BT4, but it's a fault I didn't have to deal with in BT3.

I kind of want to design my own personalized hacking/forensics kit. However... I do love me some BackTrack... Do you know where I might learn how to configure eth0 and wlan0? If I could get that working, I might consider reinstalling BT4 on my netbook.

~SE

On 04/19/2010 06:38 PM, Adam Mooz wrote:

Hello SE,

Backtrack is gaining traction all over the world as being the security distro of choice, exactly what it was designed to be. I would use that as your base install and customize it from there. As it's based on Debian, enable whatever other repos you need to pull in any tools you find Backtrack lacking. While you're at it submit those tools to the Backtrack team for consideration on being included in the next iteration, and compiling others from source or SVN.

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-16, at 7:34 PM, Security Enthusiast wrote:

Hello everyone!

I'm putting together a custom computer, set up specifically for forensics and security analysis. It's Linux-based. I'd like to know what tools you'd advise using. I've seen a few (some are included on the latest Backtrack distro) but I'd like to know what are considered the industry standard.

Thanks for your input!

~SE