Re: Pen Test Basic Needs

From: Kyle Maxwell (krmaxwell@gmail.com)
Date: Fri Jul 15 2005 - 13:53:45 EDT

• Next message: Stephane Auger: "RE: Pen Test Basic Needs"
• Previous message: macubergeek@comcast.net: "Memory leake in VMware ACE"
• In reply to: Stephane Auger: "Pen Test Basic Needs"
• Next in thread: Stephane Auger: "RE: Pen Test Basic Needs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 7/14/05, Stephane Auger <sauger@pre2post.com> wrote:
> 1) If you had to do a pen-test, what type of information would you need to begin with? External IP? Web site name? Anything else I'm forgetting?

Depends on what the client wants -- is this 'zero knowledge'? What's
fair game? This is part of the scope determination.

> 2) What tools would you use for the pen-test? Nessus, Snort, Cain&Abel. Anything else that would be useful?

Not really sure what use Snort would be. That said, you should first
have a basic methodology for the test (footprint, enumeration, etc.),
and *that* will drive your tools. Putting the tools ahead of the
process is asking for trouble.

-- 
Kyle Maxwell
http://caffeinatedsecurity.com
[krmaxwell@gmail.com]

• Next message: Stephane Auger: "RE: Pen Test Basic Needs"
• Previous message: macubergeek@comcast.net: "Memory leake in VMware ACE"
• In reply to: Stephane Auger: "Pen Test Basic Needs"
• Next in thread: Stephane Auger: "RE: Pen Test Basic Needs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:33 EDT