Penetration Testing mailing list archives
RE: hacking challenges
From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Mon, 5 Jul 2004 12:17:14 +0300
-----Original Message----- From: gilles.lami () hays-dsia fr [mailto:gilles.lami () hays-dsia fr] Sent: Friday, July 02, 2004 11:19 To: pen-test () securityfocus com Subject: hacking challenges Hello, What do you think about the numerous hacking challenges present on the web ? Do you think a good pen-tester should (or must ?) do these games and pass all levels of each one ? If so, well ... Why ? (Even if the answer of this question could be obvious).
Some of these challenges are pretty good in representing real-world scenarios, and some are pretty bad. There is a lot more to penetration testing than these challenges, but a good penetration tester should be able to deal with most of them.
Another thing very different, and i am sorry for this question i guess most of you must have already ridden several times: I have to build an action plan to specify how to react after a successfull hacking has been detected or suspected ( on a Windows or Unix machine for the moment ) What good readings could you advise ?
That is a topic called "Incident Handling". There is a different securityfocus mailing list for that, and I'd recommend reading CERT's CSIRT (Computer Security Incident Response Team) FAQ http://www.cert.org/csirts/csirt_faq.html and CSIRTs handbook: http://www.cert.org/archive/pdf/csirt-handbook.pdf Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems
Current thread:
- hacking challenges gilles . lami (Jul 04)
- Re: hacking challenges Tyler Durden (Jul 05)
- RE: hacking challenges Chris Eagle (Jul 05)
- Re: hacking challenges Robin Kastberg (Jul 06)
- RE: hacking challenges Ferruh Mavituna (Jul 07)
- <Possible follow-ups>
- RE: hacking challenges Yonatan Bokovza (Jul 05)
- RE: hacking challenges Rob.Willsey (Jul 06)
- Re: hacking challenges Tyler Durden (Jul 05)