Penetration Testing mailing list archives

RE: Tools for pen-test


From: "Aaron Stillwell" <astillwell () epok net>
Date: Fri, 5 Jun 2009 10:35:05 -0400

Hello Etienne,

  My company, Epok, is working with George Mason University to help
commercialize the Topological Vulnerability Analysis Tool Cauldron.
Cauldron was developed by the CSIS department @ GMU and funded by the
Department of Homeland Security. 

A little history and background on TVA Technology...

Researchers at CSIS pioneered the modeling and simulation of complex
multi-step attacks through networks, an approach known as Topological
Vulnerability Analysis (TVA).  This approach captures the network
configuration, vulnerabilities, connectivity, etc., and matches this
information against a comprehensive database of modeled attacker
exploits, thus predicting all possible paths of vulnerability through a
network.  Analysis and visualization of the resulting attack graphs
provides optimal strategies for minimizing attack risks, and provides
context for attack response planning and situational awareness.  By
mapping paths of vulnerability through our networks, we pro-actively
reduce exposure while minimizing deployment costs.  Then, under actual
attack, we can correlate and prioritize alarms, and formulate very
precise attack responses.  TVA can also guide the post-attack forensics
process, providing hypotheses for possible attacker actions.  TVA
technology involves a variety of key areas in information security,
computer networking, data analysis, and software engineering.  It
predicts all possible network attack paths, simulating an exhaustive red
team exercise against the network, for optimal blue team mitigation.  It
incorporates a storehouse of knowledge gathered by security researchers
and practitioners, tailored to a specific network.

Cauldron Brochure (PDF):
http://www.epok.net/pdf/EpokCauldronBrochure.pdf

White Paper "Topological Vulnerability Analysis: A Powerful New Approach
For Network Attack Prevention, Detection, and Response" (PDF):
http://www.epok.net/pdf/Cauldron-Topological_Vulnerability_Analysis-A_Powerful_New_Approach.pdf

If anyone is interested in a one-on-one live demo, send me an email with
the best date and time.

Aaron Stillwell

Office: 301.961.1759
Cell: 301.728.6901
E-mail: astillwell () epok net

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Bobby.Clarke () sealedair com
Sent: Thursday, June 04, 2009 11:08 AM
To: etienne.maynier () etu enseeiht fr
Cc: listbounce () securityfocus com; pen-test () securityfocus com
Subject: Re: Tools for pen-test

Good link here:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html




"Etienne MAYNIER" <etienne.maynier () etu enseeiht fr> 
Sent by: listbounce () securityfocus com
06/03/2009 10:36 PM
Please respond to: etienne.maynier () etu enseeiht fr
To: pen-test () securityfocus com
cc:
Subject: Tools for pen-test






Hi everybody,

I'm looking for tools for pen-test. Can you recommend tools to me? Do you
know a website presenting a comparison between them?

I already found the top 100 of insecure.org but I'm looking for more
information. How to choose one tool instead of another?

I'm also looking for pen-test scenarios; what should I start with? Are
there different scenarios?

Thanks in advance
Etienne

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



