Re: Penetration Techniques/Tool Used in the Testing

["William D. Colburn (aka Schlake)" <wcolburn () nmt edu>]

Should I be worried that you work for the FAA?  ;)

Check out http://www.nipc.gov/, specifically the CyberNotes at
http://www.nipc.gov/cybernotes/cybernotes.htm.  They are published every
two weeks, and might have a lot of what you are looking for.  You might
also check with CERT at http://www.cert.org/, since they publish regular
bullitens on the most frequent exploits being used, and SANS at
http://www.sans.org/, since they publish daily summaries of "news" about
hacking.

PS: SANS is kind of like the Weekly World News of the computer industry
so be careful of it.

On Thu, Jun 07, 2001 at 03:58:25PM -0400, Reza CTR Ghaffari wrote:
> Where can I get a listing of the most commonly used Penetration testing
> techniques within past twelve months. I would appreciate any input (white paper,
> specific web site, individual, institute or company name and phone numbers) that
> you could provide me. I would like to collect any statistical data regarding
> usage of these techniques if they are available. 
> I am also looking to find a list of top twenty or so vulnerabilities
> existing/introduced in the past twelve months. Backup data for each
> vulnerability would be helpful too. 
> I am writing a paper and like to cross reference list of the vulnerabilities
> with the penetration techniques that could identify the listed vulnerabilities
> in the tested system/network. Thank you
>
> Regards,
> Reza Ghaffari
> Email: Reza.CTR.Ghaffari () faa gov

--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn