From: DeMott Jared (demott_jared@bah.com)
Date: Tue Aug 17 2004 - 09:43:44 EDT
Gang:
I was wondering if anyone has a nice archive of Windows, Unix, etc.
exploits (fully functional) they'd be willing to share. I'm about to do
the first pen-test of our network. I know that I can identify
"potential" flaws using Nessus, but my boss has asked that I prove to
him each and every "potential" weakness. I've been told that you can
find many exploits out on the web, but it's been such a hassle trying to
find all of what I'm looking for!
Also, I've been reading the discussion about methodology some people
have been having:
1.) Vulnerability Assessment 2.) Penetration Test
-Gather data -Pretend not
to know data
-Assess potential weakness -Try to Hack into
the network
-Determine what current patch levels are -Report successes or
failures
(does someone have this data?)
-Recommend all necessary corrections
Does anyone have a more complete methodology paper? I've been hearing
some of the pros and cons of the above two. Do you normally do both, or
just whatever people what? I assume the first is more difficult and
time consuming; is that true?
The approach is certainly important, but even more intimidating: I feel
like I need to know everything about varying brands of firewalls,
routers, switches/hubs, VLANs, VPNs, Web Applications, Windows, Unix,
Netware, etc., etc., etc.! I'm pretty experienced in Unix and
Firewalls, but does anyone have any advise on dealing with the shear
magnitude of data necessary? Also, from the more practical tools stand
point, do you guys just have everything loaded on one "attack" laptop.
Dual boot, or VmWare?
Thanks so much!
Jared DeMott
Vulnerability Analyst
Booz | Allen | Hamilton
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT