Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
pen-test logo
Penetration Testing Mailing List

While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

List Archives

JanFebMarAprMayJunJulAugSepOctNovDec
200920413615620376175125158115215130
200825416616816919380168156167217135301
2007141168194171276207225290166157140159
2006330462417318325552447421247317198282
20051811231277896328391379445271277278
20042961782061081411799933933357114208
20036015918911612614424137105131
200211611382521461181487467234947
200118213921413130619513628920415086
2000232501379449411

Latest Posts

RE: Pentest lab box 16 gigs of ram Waddell, Sean (Nov 23)
Why not use VMware ESXi? It's free and has it's own OS. Then just load up your guest OS as needed.

SW
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of macubergeek
Sent: Wednesday, November 18, 2009 18:33
To: pen-test () securityfocus com
Subject: Pentest lab box 16 gigs of ram

All

I'm thinking of building a vmware target box for a pentest practice lab consisting of:

cheap...

RE: VideoJak 2.0 Released Abhijeet Hatekar (Nov 23)
Videojak is IP Video Hijacking tool which can be used to hijack IP Video calls and streams from video surveillance
camera. It supports SIP, SCCP and RTP protocols and can decode H264 media streams.
Videojak can play fake video content on IP video phones and cameras.
Please visit http://Videojak.sf.net for details.

Thanks and Regards,

Abhijeet Hatekar

When SPAMMERS Pay You ! Shreyas Zare (Nov 23)
Hi,

I dont know if people on this list know this, that's why I am mailing
it to know if you had such experience. I got this email from PayPal
(below). This is new way to SPAM, where the spammer sends you a eCheck
through PayPal, then later cancels the payment. The value on eCheck is
very small. But the spammer is able to get his mails into users inbox
through PayPal servers.

Its quite good idea, I tried to check out on PayPal site where I can...

Different ways to portscan IPS Vimal™ (Nov 23)
What are the different ways of port scanning the target when an IPS in placed.

Some of the methods I used are:

1. Delay the scan prob (nmap --scan-delay)

2. Integrating the scanner with TOR

Regards
Vimal

web   : http://www.maestro-sec.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt...

Re: Pentest lab box 16 gigs of ram jsb (Nov 23)
Just thinking about using this OS is a bad start. esxi or xenserver
are much better. Then put anything you want on top...

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in...

Re: Pentest lab box 16 gigs of ram Lorenzo Nicolodi (Nov 23)
Hi jk,

I would suggest to use Ubuntu fot these reasons:

1) it works very well
2) you can use it for free
3) if you are interested in the guests (virtual) machines, the host OS
has to provide only the software layer for the virtualization, so
which OS you will use is not so important
4) I don't have a great experience with Windows Vista / Windows 7, I
have heard that the "home version"s have some troubles which are not
present in the...

Re: Windows Internationalization? Robert Portvliet (Nov 23)
It's been a bit, but I used to do work (remotely) on machines in
Singapore sometimes & I seem to recall everything being in (what I
assume was) Chinese.

As far as the internals go, I noticed some exploits in Metasploit have
'Windows XP Chinese' as a target, so I guess there is some difference
in the return addresses & such.

I see mention on foofus.net from 06/21/2007 about Chinese language
packs that states: "I know there is still...

Penetrating a MySql Server r00fsec (Nov 23)
Hi!!

So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page
with a simple sql injection Bug.
MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it
is not so easy to find out there a server like this but im now starting to "play" with these things.

I have try some technics but i didnt got the shell yet :p...

Re: CEH or OSCP? Danux (Nov 23)
Always the same question from newbies!!! Dont feel that, I asked the
same long time ago.

If you wanna learn hundred of security tools go for CEH.
If you wanna learn how to crete basic hacking tools go for OSCP.

If you are a beginner definitely OSCP is not for you.

Using linux firewalls for PCI compliant infrastructure Siim Põder (Nov 23)
Hi

We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been AOK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).

I'm personally very happy with the iptables firewalls - we can use all
the standard components for firewalls that we use for everything else
(including standard administration...

Re: CEH or OSCP? Jon Kibler (Nov 23)
Vaibhav Kaushal wrote:

http://www.offensive-security.com/contact.php

Re: Firewall Type Fingerprinting Chris Brenton (Nov 23)
If you know what to look for, absolutely. I have yet to see an automated
tool beyond what I've scripted myself. Check out question 13 below as
well as the answer, I've documented a portion of the process:

http://www.chrisbrenton.org/2009/07/test-your-network-security-skills/

Thought about releasing this as a tool but the potential is a bit
scary. ;-)

HTH,
Chris

Re: Malware Analysis Chip Panarchy (Nov 23)
Hi,

Not sure what happened to my last post, so I'll just reiterate it!

Of many anti-malware software I've tried, MalwareBytes (free) seems to
be the best.

However, I haven't tested the latest ones, so I'd recommend (if you
have the time) to test out as many of the different free/trial malware
detection/removal software as you can, then decide for yourself.

Best of luck,

Panarchy...

Re: CEH or OSCP? Wim Remes (Nov 23)
Hi,

There's really only one good answer to this : OSCP.

If you still want to be in security after that, you're good .... be prepared for a wild ride though, you'll be out
there on your own. It's not a course for the faint of heart.

I'm not gonna comment on CEH ...

Cheers,

W

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and...

Re: Firewall Type Fingerprinting Edin Dizdarevic (Nov 23)
Nmap should be the right tool, it can recognize many target systems. Get
it at http://nmap.org, see the docs for more information.

Regards,
Edin

Zaki Akhmad schrieb:

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT...

More Lists

Dozens of other network security lists are archived at SecLists.Org.


[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]