Re: TNG Pen Test Tool Questions

[Rob Fuller <jd.mubix () gmail com>]

Meh, same questions are always asked of pretty much any purchase IT or not.

1. Does it do what I need it to do (give me control of the system)
2. Is it reliable (switching protocols and comm methods is a technical
detail)
3. Does it have enough oomph (highly technical term, amount of
exploits/0day/MITM/Citrix voodoo)

I doubt very many pentesters will be asking for the features you have
described any time soon. I fear the day when pentesters start asking
FLAME/STUXNET questions like "Which $hardware/$software do you have a
backdoor in"


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Fri, Oct 25, 2013 at 1:34 PM, David Maynor <dave () erratasec com> wrote:

> And also "How many exploits does it have?"
> Not everybody is a exploit expert and someone in the chain of command will
> ask if your arbitary value A is larger than competitors arbitrary value A.
>
> On Oct 25, 2013, at 11:54 AM, Dave Aitel <dave () immunityinc com> wrote:
>
> > The future of penetration testing tools is coming up quickly, and all
> > the questions have changed on you.
> >
> > For example, it used to be that you would ask:
> >
> > o  "How many exploits does it have?"
> > o "How fast can it scan a class B?"
> > o "Can it connect back over HTTPS?"
> > o "Can it bounce from host to host within the internal network?"
> > o "Can you automatically choose the right client side attack when people
> > connect to you?"
> > o etc
> >
> > But here are some of the ones we're asking the INNUENDO dev team, which
> > I think are representative of the post FLAME/STUXNET world:
> > o "Is the local persistence store configurable between the registry and
> > file system or other covert data storage?"
> > o "Can I reconfigure the callback protocol on the fly during a file
> > transfer - and does this automatically happen if my HTTPS callback gets
> > suddenly blocked or shut down?"
> > o "How does it handle Citrix?"
> > o "Is the covert file storage automatically encrypted to C&C or is it
> > plaintext or what?"
> > o "Can I store exploit modules encrypted on the machine until the C&C
> > asks for them to be used?" (http://www.securelist.com/en/blog/208193781/
> )
> > o "Does it come with the ability to do raw socket injection on Windows 8
> > x64?"
> > o "How do I write a MITM module?"
> >
> > -dave
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunityinc com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave