RE: root kit detection/penetration

["Chris Fahey" <cfahey () ceservices com>]

if you are going to root a client server you should first do a few things.
let them know they are vulnerable to a rootkit attack and get authorization to exploit it. unless it is stipulated in 
the contract that you will exploit all vulnerabilities black box style. also, do your best that when you root the box 
you are doing it in the most stealthy way possible (i.e. no DoS). furthermore, document everything you do. i recommend 
using vmware workstation 5 as your attack platform so as that you can record all of your keystrokes, commands, clicks, 
etc. this will provide you and your client with very robust documentation of how the box was rooted.

________________________________

From: cdewitt () indepthsec com [mailto:cdewitt () indepthsec com]
Sent: Tue 9/13/2005 9:55 AM
To: pen-test () securityfocus com
Subject: root kit detection/penetration



What are the best practices for penetration testing the viability of placing root kits on a client's external servers - 
vpn, web, app...?

And, while I'm asking - what are the best practices or countermeasures for root kit placement?

What root kits are still viable/current?

All comments/tomatoes welcome...cd

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------




This message (including attachments) contains confidential information from Competitive Edge Services, Ltd. intended 
for a specific individual and purpose. The contents of this message are protected by law and are only for the viewing 
or use of the intended recipient. If you are not the intended recipient, you should return this message to Competitive 
Edge Services, Ltd. and then delete the message. Disclosing, copying, distributing, or acting upon the contents of this 
message is strictly prohibited.


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------