Penetration Testing mailing list archives
RE: Tools for pen-test
From: "Aaron Stillwell" <astillwell () epok net>
Date: Fri, 5 Jun 2009 10:35:05 -0400
Hello Etienne, My company, Epok, is working with George Mason University to help commercialize the Topological Vulnerability Analysis Tool Cauldron. Cauldron was developed by the CSIS department @ GMU and funded by the Department of Homeland Security. A little history and background on TVA Technology... Researchers at CSIS pioneered the modeling and simulation of complex multi-step attacks through networks, an approach known as Topological Vulnerability Analysis (TVA). This approach captures the network configuration, vulnerabilities, connectivity, etc., and matches this information against a comprehensive database of modeled attacker exploits, thus predicting all possible paths of vulnerability through a network. Analysis and visualization of the resulting attack graphs provides optimal strategies for minimizing attack risks, and provides context for attack response planning and situational awareness. By mapping paths of vulnerability through our networks, we pro-actively reduce exposure while minimizing deployment costs. Then, under actual attack, we can correlate and prioritize alarms, and formulate very precise attack responses. TVA can also guide the post-attack forensics process, providing hypothesis for possible attacker actions. TVA technology involves a variety of key areas in information security, computer networking, data analysis, and software engineering. It predicts all possible network attack paths, simulating an exhaustive red team exercise against the network, for optimal blue team mitigation. It incorporates a storehouse of knowledge gathered by security researchers and practitioners, tailored to a specific network. Cauldron Brochure (PDF): http://www.epok.net/pdf/EpokCauldronBrochure.pdf White Paper "Topological Vulnerability Analysis: A Powerful New Approach For Network Attack Prevention, Detection, and Response" (PDF): http://www.epok.net/pdf/Cauldron-Topological_Vulnerability_Analysis-A_Po werful_New_Approach.pdf If anyone is interested in a one-on-one live demo, send me an email with best date and time. Aaron Stillwell Office: 301.961.1759 Cell: 301.728.6901 E-mail: astillwell () epok net -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Bobby.Clarke () sealedair com Sent: Thursday, June 04, 2009 11:08 AM To: etienne.maynier () etu enseeiht fr Cc: listbounce () securityfocus com; pen-test () securityfocus com Subject: Re: Tools for pen-test Good link here: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html "Etienne MAYNIER" <etienne.maynier () etu enseeiht fr> Sent by: listbounce () securityfocus com 06/03/2009 10:36 PM Please respond to etienne.maynier () etu enseeiht fr To pen-test () securityfocus com cc Subject Tools for pen-test Hi everybody, I'm looking for tools for pen-test. Can you recommend me tools ? Do you know website presenting comparison between them ? I already found the top 100 of insecure.org but I'm looking for more informations. How to choose one tool instead of another ? I'm also looking for pen-test scenario, with what should I start ? Is there differents scenario ? Thanks in advance Etienne ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools for pen-test Etienne MAYNIER (Jun 03)
- Re: Tools for pen-test Ying (Jun 04)
- RE: Tools for pen-test Amardeep Singh (Jun 04)
- Re: Tools for pen-test Ti (Jun 04)
- Re: Tools for pen-test Jamie (Jun 08)
- Re: Tools for pen-test SD List (Jun 04)
- Re: Tools for pen-test Bobby . Clarke (Jun 04)
- RE: Tools for pen-test Aaron Stillwell (Jun 08)
- Re: Tools for pen-test addit420 (Jun 12)