RE: I want the PT list back....

From: Ken.Carty@RSCrental.com
Date: Thu Dec 13 2007 - 17:52:17 EST


I'm one of those guys that knows nil about security. I don't know what or
how to ask. My career path took
me into credit and collections; but, I've always had a keen interest in
computers sciences.
Most of what you guys talk about is way over my head but can gleam a tidbit
once in a while.
I joined this list to learn - thanks to everyone for your wiliness to
answer questions.

Ken

                                                                           
             "Shenk, Jerry A"
             <jshenk@decommuni
             cations.com> To
             Sent by: "Joseph McCray"
             listbounce@securi <joe@learnsecurityonline.com>,
             tyfocus.com "pen-test"
                                       <pen-test@securityfocus.com>
                                                                        cc
             12/12/2007 07:21
             PM Subject
                                       RE: I want the PT list back....
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

I agree. I think there are two(+1) problems:

1)People get ripped to shreds too often for asking a question. Somebody
else might be able to easily google it or know where in the docs to find
it. I know that there are LOTS of times that I've beaten my head
against a wall for hours before I found a very simple solution like a
missing space in a config file (that was today;) or a simple google
search. It would be nice if people who know all the answers and feel
the need to tell everybody how much they know and often NOT even answer
the question would just move on.

2)some of the list-servers seem to throw my responses away. I just
don't know why. Sometimes I've answered with well thought-out
informative replies only to get a response a few days later that some
process threw it away 'cuz it hadn't been forwarded through. I don't
know if the admin was busy or if my reply was just too stupid. We
almost need moderators because of #3.

3)Spam - my e-mail address is now available to be collected so that I
can get ads for stuff I wouldn't by from a respectable company. Well,
they already have my address anyway so.....

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Joseph McCray
Sent: Tuesday, December 11, 2007 12:51 AM
To: pen-test
Subject: I want the PT list back....

Guys, I've been on this list for years. And for the last few years I've
done a healthy amount of quiet complaining about the questions and the
posts on this list.

So I'm gonna go out on a limb here....

1. For the record this is not me trying to post for glory and fame or to
try and show how smart I think I am. This list is full of people that
have forgotten more about pentesting than I could ever hope to learn.

2. This is not me saying the skill level of the members is declining, or
anything negative about the list members, or new pentesters on this list
for that matter. We were all where new to pentesting, or new here once.

I remember several years ago when I wished I had skill to understand
some of the questions people asked on this list. I remember when people
on this list would ask questions about situations they were facing while
on a assessment. The person asking the question would list all of the
references he'd already read, what he'd already tried and the error
message he'd received. And amazingly - people would actually help....

Are people afraid to post that kind of stuff anymore or what? Have our
NDAs pushed us to just talking with our buddies in SILC servers, or just
posting stuff in blogs?

There are a ton of really smart people on this list. I see occasional
replies from some big names in the industry - really smart cats.

I'm doing 3 pentests a month now, and when I'm not working I live on
security blogs, and silc servers with my buddies - I don't really follow
the security lists and closely as I used to because it just doesn't seem
like people are sharing as much information as they used to on here.

I don't know if anyone else is feeling this way about this list, if you
disagree with me say so....

Guys here is what I'm dealing with out there - what about you?

* NAC Solutions (tricky, but not as tough as Host-based IPS - MAC/IP
spoofing still gets by of the stuff I've run into)

* Host-Based IPS Solutions (really tough to beat - at least for me)

* Wireless IPS Solutions (a joke)

* 802.1x - I haven't seen it on an assessment yet.

I'm having to hit web app, and client-side stuff to get into the
networks from the outside. Port scanning and VA tools are damn near
useless from external.

For me web app, to back end server, to the LAN is so rare it might as
well be non-existent. Web app to DB - yeah...but not to internal LAN for
me very much.

Spear phishing with or without client-side exploits is it for me for
external to internal. <-- How about you guys?

Internal networks are still a mess, riddled with old vulnerabilities -
even when the customer has patch management solutions. I can't be as
noisy trying to find them like the good old days - but they are still
there - the bigger the company the more legacy crap they have.

Rarely I find a Linux box on the client's network that I can use to set
up shop these days so I've had to develop a collection of command-line
windows tools. Anybody else in this boat? If so what's in your toolkit?
I started with meta.cab from Phoenix 2600 and have been customizing it.

For wireless I pretty much just use Kisment/Aircrack-NG, but I'm really
interested in wicrawl. Anyone using it on pentests yet?

Inguma looks interesting, I run into Oracle on tests a lot. Is anyone
using it - if so what do you think?

Some attacks that look really interesting - but I don't know of anyone
doing them in assessments? Can someone shed some light?

* DNS-Rebinding
* Oracle Cursor Snarfing
* Remotely fingerprint OS Language packs
* Remote SQL/PHP Shell Injection

I look forward to hearing from you guys....let me know what you are
running into.

j0e

--
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe@learnsecurityonline.com
Web:        https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access
"The only thing worse than training good employees and losing them
is NOT training your employees and keeping them."
        - Zig Ziglar
**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the
use of the individual or entity to which they are addressed and may contain
information that is privileged, proprietary and confidential. If you are
not the intended recipient, you may not use, copy or disclose to anyone the
message or any information contained in the message. If you have received
this communication in error, please notify the sender and delete this
e-mail message. The contents do not represent the opinion of D&E except to
the extent that it relates to their official business.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:16 EDT