Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Windows XP SP2 and Security Tools
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 20 Sep 2005 12:31:11 -0400

From the Pen testers perspective:

Lots of tools are broken by SP2, not all can be fixed by a regedit
patch. Do install the regedit patch that comes along with the Windows
version of nmap...it will increase the number of sessions you can launch
at once. 

DEP/NX will "break" lots of other tools at least partially (ex. Cain,
Lsadump, etc.)

Microsoft is getting better at security and that makes the tools harder
to use too, unfortunately for pen testers...but overall it means good
things for the overall security.


*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), TICSA, CEH, CHFI
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Honeypots for Windows (Apress)

-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin () aggreko co uk] 
Sent: Monday, September 19, 2005 10:46 AM
To: pen-test () securityfocus com; security-basics () securityfocus com
Subject: Windows XP SP2 and Security Tools

Hi List,
We are currently in the stage of rolling out Windows XP SP2. I know that
this had some problems with winpcap a while back.
we use all the good open source security tools we can with windows, cos
its easier than putty to the linux box.
Des anyone know of any issues, or problems that SP2 may pose from what a
security pen-testing box is concerned.
Will it affect any Windows based security tools, or are there any other
issues it has from a security point of view?
Considering it is also my workstation, and hence we have to use windows
for it.
Thankyou in Advance,

Visit us at http://www.aggreko.com

Confidentiality Notice:  This communication and any accompanying
attachments contain confidential information intended for a specific
individual and purpose.  This communication is private and protected by
law.  If you are not the intended recipient, you are hereby respectfully
notified that any disclosures, copying, forwarding or distribution, or
the taking of any action based on the contents of this communication is
strictly prohibited.

This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email

Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]