Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Best ROI Combination - Metasploit & Training
From: Arch Angel <arch3angel () gmail com>
Date: Wed, 12 Dec 2012 20:36:46 -0500

Josh,

If you have time I would like to discuss, offline, your setup and how you run/setup things to accomplish this same goal. My original goal was to use Open Source where I can, but one of the things I knew going into this was that world wide we are deploying QRadar very soon so whatever work I do now I want to work with that. I don't want to spend all this time building a program only to start over with something else once QRadar is deployed. Hence the reason I reached out to the community for others opinions and advice.

Let me know offline if you have time to talk and how to reach you.

--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel


On 12/11/12 1:38 PM, Josh More wrote:
I don't think Nessus and Nexpose is comparing apples and apples. The full Security Center compares more fairly to the full Nexpose line.

Personally, what I like about Nessus is that, when paired with Metasploit community and a few other tools, I can cover 90% of what Nexpose + Metasploit Pro gives me for a substantial reduction of the cost. It takes a bit more time perhaps, but I find that my understanding of what's truly going on is greatly improved. Then, when you add webby tools like BurpSuite Pro, you can boost your capabilities beyond what Nexpose can do (at least the last time I checked).

That's not to say, of course, that my way is right for everyone. It's just that I've found that the advantages that tools like Nexpose and Core give a team over their open source equivalents are generally useful for experienced teams. For inexperienced teams, I've more often found them used as crutches that hinder the learning process and I think it's an awful lot of money to pay for a disadvantage. Given the success of those tools in the market, it may well be that my experiences are in the minority.

In case it helps anyone else, my paid tools are Nessus, BurpSuite Pro and Maltego. Everything else I use is free and open source. This works well until that approach gives you full coverage (which takes a long time for smaller / less mature organizations), then the more expensive tools can accelerate your approach or give you a wider range of coverage.

-Josh More

On Tue, Dec 11, 2012 at 9:10 AM, Arch Angel <arch3angel () gmail com <mailto:arch3angel () gmail com>> wrote:

    Honestly Albert, I can't say that I have a legitment "reason" per
    say.  I have found, in my experience, to get the full benefit of
    Nessus you really need Security Center and the other products, but
    in general that's not a real reason, just a personal opinion.  I
    have just seen NexPose as a better product over all, in look,
    feel, and acurancy. However, again this is just my opinion I
    really don't have a reason outside personal preference I guess.
    I'm not opposed to diving deeper into Nessus and learning the
    advanatges or capabilities though.
    Robert
    (arch3angel)

    On Tue, Dec 11, 2012 at 9:51 AM, Albert R. Campa
    <abcampa () gmail com <mailto:abcampa () gmail com>> wrote:

        stand alone Nessus does integrate with Qradar.

        I really like Nessus as a scanner and also as you say, using
        audit files.

        SANS training like 560 or 542 are both good, offsec training
        is great as well.

        im interested to know why you dont like Nessus as a
        vulnerability scanner?


        On Mon, Dec 10, 2012 at 6:37 PM, Arch Angel
        <arch3angel () gmail com <mailto:arch3angel () gmail com>> wrote:

            I would like to thank everyone for the advice and
            suggestions, it is truly appreciated and welcomed!

            I cannot go into detail as to the company or the status
            but I can say that in my region we are looking to build a
            ground up program and are under Visa, MasterCard,
            Discover, and ISO guidelines / requirements.  We currently
            have Nessus, which till I walked in had not even been
            installed.  As a matter of fact I asked which machine it
            was on, the reply was "Well we couldn't get it licensed
            because it would have required a firewall change and
            that's a hassle so we just never installed it".  Needless
            to say it is installed and I'm working through the trials
            and tribulations of red tape to get it to do more for us
            than host discovery.  That being said I absolutely love
            Nessus but not as a vulnerability scanner.  I like it
            automating configuration checks, custom audit files,
            checking Active Directory items, etc..  I prefer NexPose
            for vulnerability and NexPose seamlessly integrates with
            Q1 Labs, QRadar SIEM, which I am not sure Nessus does.
             QRadar is coming down the pipe from corporate before too
            long.

            I also prefer to invest in good people rather than tools
            which, as mention above, have a tendency to sit in the
            virtual bookshelf collecting virtual dust if the people
            don't know how to use them. This may end up being answered
            based on $$$ over the 2013 calendar year.  Unfortunately I
            was not part of the 2013 budget plans, so it may end up
            being nothing till 2014 :-(

            For example, I am in the process of building a wireless
            auditing program based on Kismet, and off the shelf
            hardware.  This is actually working quite well so far
            during testing!

--
            Thank you,

            Robert Miller
            http://www.armoredpackets.com

            Twitter: @arch3angel


            _______________________________________________
            Pauldotcom mailing list
            Pauldotcom () mail pauldotcom com
            <mailto:Pauldotcom () mail pauldotcom com>
            http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
            Main Web Site: http://pauldotcom.com




    _______________________________________________
    Pauldotcom mailing list
    Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com>
    http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
    Main Web Site: http://pauldotcom.com




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]