PaulDotCom mailing list archives
Re: Pwn Plug and Nessus
From: David Maynor <dmaynor () gmail com>
Date: Wed, 28 Aug 2013 15:04:33 -0400
I like running PVS when I can, if not I will run tcpdump. It's good to have a packet log if you are doing anything deep. Not just from a CYA standpoint but also a "wow I suddenly have a password file and I don't know what I did to get it" log. I cannot count the number of times an app assessment hit serious pay dirt just messing around with wget and it took hours for me to notice let alone reproduce. PVS would have flagged a passed file download.
On Aug 28, 2013, at 10:06 AM, Ron Gula <rgula () tenable com> wrote: I've also gotten requests to run the Passive Vulnerability Scanner during pen tests (or more exactly, before the pen test) from a variety of folks who do that sort of thing for a living. Since it is a sniffer, if you can get it deployed ahead of time, you can get a great deal of intelligence without impacting anyone and have a very good sense of your targets and vulns before you start exploiting anything. Ron From: "Albert R. Campa" <abcampa () gmail com> Reply-To: PaulDotCom List <pauldotcom () mail pauldotcom com> Date: Wednesday, August 28, 2013 9:39 AM To: PaulDotCom List <pauldotcom () mail pauldotcom com> Subject: Re: [Pauldotcom] Pwn Plug and Nessus The pwnieexpress pentest appliance can though. http://pwnieexpress.com/products/enterprise-pentesting-appliance Also purehate mentioned another device, i cant remember the name, in one of his talks this year. I saw it on irongeek's youtube channel. I think it was his pass the hash like a rockstar talk.On Wed, Aug 28, 2013 at 6:47 AM, alec brecher <alec () atomd com> wrote: The pwn plug does not have the resources to run nessus on-board. Use the plug's reverse shell to proxy your nessus scans through the plug. -Alec -----Original Message----- From: Larry Petty <Larry.Petty () tribridge com> Reply-to: PaulDotCom Security Weekly Mailing List <pauldotcom () mail pauldotcom com> To: pauldotcom () mail pauldotcom com <pauldotcom () mail pauldotcom com> Subject: [Pauldotcom] Pwn Plug and Nessus Date: Thu, 22 Aug 2013 13:51:17 +0000 Does anyone have experience remotely running Nessus with something like the Pwn Plug? I need something small that will reverse SSH back and allow me to remotely launch Nessus scans. I have heard of people using the Pwn Plug, but I'm curious as to the performance and accuracy of the scans. Larry Petty Office: 813.287.8887 x 1136 Mobile: Fax: 813.287.8688 Email: Larry.Petty () tribridge com Tribridge Helping our Customers become more Productive, Profitable, Competitive and Secure The information contained in this message and its attachments is intended only for the recipient(s) named above. This information may be privileged and confidential in nature and protected by law. If the reader of this message is not the intended recipient, any further review, dissemination, distribution or copying of this information is strictly prohibited. If you received this communication in error, please delete the message with its attachments and notify the sender immediately. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Pwn Plug and Nessus Larry Petty (Aug 27)
- Re: Pwn Plug and Nessus alec brecher (Aug 28)
- Re: Pwn Plug and Nessus Albert R. Campa (Aug 28)
- Re: Pwn Plug and Nessus James Shewmaker (Aug 28)
- Message not available
- Fwd: FW: Pwn Plug and Nessus Larry Petty (Aug 29)
- Re: Pwn Plug and Nessus Albert R. Campa (Aug 28)
- Re: Pwn Plug and Nessus Ron Gula (Aug 28)
- Re: Pwn Plug and Nessus David Maynor (Aug 29)
- Re: Pwn Plug and Nessus alec brecher (Aug 28)