From: Joseph McCray (joe@learnsecurityonline.com)
Date: Tue Dec 11 2007 - 00:51:22 EST
Guys, I've been on this list for years. And for the last few years I've
done a healthy amount of quiet complaining about the questions and the
posts on this list.
So I'm gonna go out on a limb here....
1. For the record this is not me trying to post for glory and fame or to
try and show how smart I think I am. This list is full of people that
have forgotten more about pentesting than I could ever hope to learn.
2. This is not me saying the skill level of the members is declining, or
anything negative about the list members, or new pentesters on this list
for that matter. We were all where new to pentesting, or new here once.
I remember several years ago when I wished I had skill to understand
some of the questions people asked on this list. I remember when people
on this list would ask questions about situations they were facing while
on a assessment. The person asking the question would list all of the
references he'd already read, what he'd already tried and the error
message he'd received. And amazingly - people would actually help....
Are people afraid to post that kind of stuff anymore or what? Have our
NDAs pushed us to just talking with our buddies in SILC servers, or just
posting stuff in blogs?
There are a ton of really smart people on this list. I see occasional
replies from some big names in the industry - really smart cats.
I'm doing 3 pentests a month now, and when I'm not working I live on
security blogs, and silc servers with my buddies - I don't really follow
the security lists and closely as I used to because it just doesn't seem
like people are sharing as much information as they used to on here.
I don't know if anyone else is feeling this way about this list, if you
disagree with me say so....
Guys here is what I'm dealing with out there - what about you?
* NAC Solutions (tricky, but not as tough as Host-based IPS - MAC/IP
spoofing still gets by of the stuff I've run into)
* Host-Based IPS Solutions (really tough to beat - at least for me)
* Wireless IPS Solutions (a joke)
* 802.1x - I haven't seen it on an assessment yet.
I'm having to hit web app, and client-side stuff to get into the
networks from the outside. Port scanning and VA tools are damn near
useless from external.
For me web app, to back end server, to the LAN is so rare it might as
well be non-existent. Web app to DB - yeah...but not to internal LAN for
me very much.
Spear phishing with or without client-side exploits is it for me for
external to internal. <-- How about you guys?
Internal networks are still a mess, riddled with old vulnerabilities -
even when the customer has patch management solutions. I can't be as
noisy trying to find them like the good old days - but they are still
there - the bigger the company the more legacy crap they have.
Rarely I find a Linux box on the client's network that I can use to set
up shop these days so I've had to develop a collection of command-line
windows tools. Anybody else in this boat? If so what's in your toolkit?
I started with meta.cab from Phoenix 2600 and have been customizing it.
For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really
interested in wicrawl. Anyone using it on pentests yet?
Inguma looks interesting, I run into Oracle on tests a lot. Is anyone
using it - if so what do you think?
Some attacks that look really interesting - but I don't know of anyone
doing them in assessments? Can someone shed some light?
* DNS-Rebinding
* Oracle Cursor Snarfing
* Remotely fingerprint OS Language packs
* Remote SQL/PHP Shell Injection
I look forward to hearing from you guys....let me know what you are
running into.
j0e
--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe@learnsecurityonline.com
Web: https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games * Simulators
* Challenge Servers * Courses
* Hacking Competitions * Hacklab Access
"The only thing worse than training good employees and losing them
is NOT training your employees and keeping them."
- Zig Ziglar
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:15 EDT