 Penetration Testing Mailing List
While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
List Archives
Latest Posts
RE: Pentest lab box 16 gigs of ram
Waddell, Sean (Nov 23)
Why not use VMware ESXi? It's free and has it's own OS. Then just load up your guest OS as needed.
SW
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of macubergeek
Sent: Wednesday, November 18, 2009 18:33
To: pen-test () securityfocus com
Subject: Pentest lab box 16 gigs of ram
All
I'm thinking of building a vmware target box for a pentest practice lab consisting of:
cheap...
RE: VideoJak 2.0 Released
Abhijeet Hatekar (Nov 23)
Videojak is IP Video Hijacking tool which can be used to hijack IP Video calls and streams from video surveillance
camera. It supports SIP, SCCP and RTP protocols and can decode H264 media streams.
Videojak can play fake video content on IP video phones and cameras.
Please visit http://Videojak.sf.net for details.
Thanks and Regards,
Abhijeet Hatekar
When SPAMMERS Pay You !
Shreyas Zare (Nov 23)
Hi,
I dont know if people on this list know this, that's why I am mailing
it to know if you had such experience. I got this email from PayPal
(below). This is new way to SPAM, where the spammer sends you a eCheck
through PayPal, then later cancels the payment. The value on eCheck is
very small. But the spammer is able to get his mails into users inbox
through PayPal servers.
Its quite good idea, I tried to check out on PayPal site where I can...
Different ways to portscan IPS
Vimal™ (Nov 23)
What are the different ways of port scanning the target when an IPS in placed.
Some of the methods I used are:
1. Delay the scan prob (nmap --scan-delay)
2. Integrating the scanner with TOR
Regards
Vimal
web : http://www.maestro-sec.com
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt...
Re: Pentest lab box 16 gigs of ram
jsb (Nov 23)
Just thinking about using this OS is a bad start. esxi or xenserver
are much better. Then put anything you want on top...
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in...
Re: Pentest lab box 16 gigs of ram
Lorenzo Nicolodi (Nov 23)
Hi jk,
I would suggest to use Ubuntu fot these reasons:
1) it works very well
2) you can use it for free
3) if you are interested in the guests (virtual) machines, the host OS
has to provide only the software layer for the virtualization, so
which OS you will use is not so important
4) I don't have a great experience with Windows Vista / Windows 7, I
have heard that the "home version"s have some troubles which are not
present in the...
Re: Windows Internationalization?
Robert Portvliet (Nov 23)
It's been a bit, but I used to do work (remotely) on machines in
Singapore sometimes & I seem to recall everything being in (what I
assume was) Chinese.
As far as the internals go, I noticed some exploits in Metasploit have
'Windows XP Chinese' as a target, so I guess there is some difference
in the return addresses & such.
I see mention on foofus.net from 06/21/2007 about Chinese language
packs that states: "I know there is still...
Penetrating a MySql Server
r00fsec (Nov 23)
Hi!!
So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page
with a simple sql injection Bug.
MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it
is not so easy to find out there a server like this but im now starting to "play" with these things.
I have try some technics but i didnt got the shell yet :p...
Re: CEH or OSCP?
Danux (Nov 23)
Always the same question from newbies!!! Dont feel that, I asked the
same long time ago.
If you wanna learn hundred of security tools go for CEH.
If you wanna learn how to crete basic hacking tools go for OSCP.
If you are a beginner definitely OSCP is not for you.
Using linux firewalls for PCI compliant infrastructure
Siim Põder (Nov 23)
Hi
We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been AOK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).
I'm personally very happy with the iptables firewalls - we can use all
the standard components for firewalls that we use for everything else
(including standard administration...
Re: CEH or OSCP?
Jon Kibler (Nov 23)
Vaibhav Kaushal wrote:
http://www.offensive-security.com/contact.php
Re: Firewall Type Fingerprinting
Chris Brenton (Nov 23)
If you know what to look for, absolutely. I have yet to see an automated
tool beyond what I've scripted myself. Check out question 13 below as
well as the answer, I've documented a portion of the process:
http://www.chrisbrenton.org/2009/07/test-your-network-security-skills/
Thought about releasing this as a tool but the potential is a bit
scary. ;-)
HTH,
Chris
Re: Malware Analysis
Chip Panarchy (Nov 23)
Hi,
Not sure what happened to my last post, so I'll just reiterate it!
Of many anti-malware software I've tried, MalwareBytes (free) seems to
be the best.
However, I haven't tested the latest ones, so I'd recommend (if you
have the time) to test out as many of the different free/trial malware
detection/removal software as you can, then decide for yourself.
Best of luck,
Panarchy...
Re: CEH or OSCP?
Wim Remes (Nov 23)
Hi,
There's really only one good answer to this : OSCP.
If you still want to be in security after that, you're good .... be prepared for a wild ride though, you'll be out
there on your own. It's not a course for the faint of heart.
I'm not gonna comment on CEH ...
Cheers,
W
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and...
Re: Firewall Type Fingerprinting
Edin Dizdarevic (Nov 23)
Nmap should be the right tool, it can recognize many target systems. Get
it at http://nmap.org, see the docs for more information.
Regards,
Edin
Zaki Akhmad schrieb:
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT...
More Lists
Dozens of other network security lists are archived at
SecLists.Org.
|