Re: pentest documentation

From: David Swafford (dswafford@alterhighschool.org)
Date: Mon Oct 02 2006 - 14:11:15 EDT

• Next message: Jürgen R. Plasser: "Re: pentest documentation"
• Previous message: Marvin Simkin: "RE: Implication of forced http GET request (Web App PT)"
• In reply to: Jürgen R. Plasser: "pentest documentation"
• Next in thread: Jürgen R. Plasser: "Re: pentest documentation"
• Reply: Jürgen R. Plasser: "Re: pentest documentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have not used this personally but I have seen it demonstrated in an
ethical hacker training:

A commercial product by the name of Core Impact. It's capabilities are
enormous as it can capture the entire packet flow, key commands, and all
the necessary info and then break it out to nicely written reports.

Link: www.coresecurity.com/products/coreimpact/

David.

____________________________________________________
 
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
 
EC-Council Certified Ethical Hacker
 
A Cisco Systems, Inc., Certified Network Associate (CCNA)
and a CompTIA Network+ and Security+ Certified Professional

>>> "Jürgen R. Plasser" <plasser@hexagon.at> 10/2/2006 1:04:26 pm >>>
Hi All,

How do you document and log the pentest session itself?

I want to document the pentest process in detail, not only for the
customer, but for later reviews and to avoid legal difficulties.

What are the best tools to accomplish that or do you even record the
sessions on video with a camcorder? Or some kind of screen recorder?

Thanks,

Jürgen

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------

_____________________________________
Note: this message has been scanned for viruses and mal-ware prior to leaving the Archbishop Alter High School Information Technology Network. Please report all possible solicitation and infected messages to abuse@alterhighschool.org, Thank you.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Jürgen R. Plasser: "Re: pentest documentation"
• Previous message: Marvin Simkin: "RE: Implication of forced http GET request (Web App PT)"
• In reply to: Jürgen R. Plasser: "pentest documentation"
• Next in thread: Jürgen R. Plasser: "Re: pentest documentation"
• Reply: Jürgen R. Plasser: "Re: pentest documentation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:04 EDT