Penetration Testing mailing list archives
Re: Tools to use for Penetration Testing?
From: "J. Oquendo" <sil () infiltrated net>
Date: Sat, 13 Sep 2008 14:44:44 -0500
On Sat, 13 Sep 2008, Shenk, Jerry A wrote:
Most tools from 2004 will still work...some links might be a problem but the tools work. Don't get too excited about a "wasting time" on old tools. There are still a LOT of old holes. You need the new stuff too but you'd better catch the old stuff.
I need to fix my car, therefore I will go into Sears purchase every single automotive related tool, take my car apart, hope to understand what I'm doing, then attempt to put it back together. Can anyone tell me which tools I can buy to undergo this task? Downloading tools means nothing if you don't fully understand what it is you are doing. Take the time to learn the protocols, how things work, learn how intercommunications work before attempting to just download every tool you can find. Penetration testing is not always a science and not always an art. There is a lot of information to be understood. So you go and download all these tools for what? Would you understand how to glean info from a packet capture? Would you understand the difference between networks, servers, protocols. My suggestion would be to begin reading into the OSI layers then moving on to RFC's. I'd start with networking since without a network, there would be no compromise. Local machine with login, sure, but there could be no hacks pulled off on the LAN side since there is no connectivity. Understand how processes communicate with each other, how and why things happen. Its easier down the road to understand what is going on in terms of security. One doesn't need uber tools if one knows what they're doing from the protocol level on up. Suggestion: Learn networking, learn systems, learn protocols otherwise you end up devaluing the works of others not to mention yourself. A monkey can be trained to run a tool and most tools out there are that simple. Understanding the entire range of the what you are doing is better in the long run, think about it, if I hired you to perform a pentest on my network and you couldn't explain to me what it is you intend on looking for, how it works in my network, what functions my vulnerabilities perform, why I should remove these functions, I'd sit back in my desk and think the script kiddiot in you. Too many (quote) professional pentesters have been taking this attitude: "I use Cenzic!@$" that it makes me wonder where this industry is headed. It also makes me think about how many vulnerabilities unclued pentesters can bring into an environment. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, CNDA, CHFI, OSCP "A good district attorney can indict a ham sandwich if he wants to ... The accusations harm as much as the convictions ... they're obviously harmful or it wouldn't be news.." - John Carter wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Tools to use for Penetration Testing? Chip Panarchy (Sep 10)
- Message not available
- Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
- RE: Tools to use for Penetration Testing? Shenk, Jerry A (Sep 13)
- Re: Tools to use for Penetration Testing? J. Oquendo (Sep 14)
- Re: Tools to use for Penetration Testing? Chip Panarchy (Sep 12)
- Message not available
- RE: Tools to use for Penetration Testing? Ardian Silvano (Sep 12)
- Re: Tools to use for Penetration Testing? Thorgul (Sep 12)
- RE: Tools to use for Penetration Testing? Veal, Richard (Sep 12)
- RE: Tools to use for Penetration Testing? Rivest, Philippe (Sep 12)
- Re: Tools to use for Penetration Testing? Todd Haverkos (Sep 12)
- <Possible follow-ups>
- Re: Tools to use for Penetration Testing? Jon Kibler (Sep 12)
- Re: Tools to use for Penetration Testing? Nikhil Wagholikar (Sep 12)
- Tools to use for Penetration Testing? christopher . riley (Sep 12)
- Re: Tools to use for Penetration Testing? philip . finn (Sep 12)