 
Dailydave mailing list archives
TNG Pen Test Tool Questions
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 25 Oct 2013 11:54:43 -0400
The future of penetration testing tools is coming up quickly, and all the questions have changed on you. For example, it used to be that you would ask: o "How many exploits does it have?" o "How fast can it scan a class B?" o "Can it connect back over HTTPS?" o "Can it bounce from host to host within the internal network?" o "Can you automatically choose the right client side attack when people connect to you?" o etc But here are some of the ones we're asking the INNUENDO dev team, which I think are representative of the post FLAME/STUXNET world: o "Is the local persistence store configurable between the registry and file system or other covert data storage?" o "Can I reconfigure the callback protocol on the fly during a file transfer - and does this automatically happen if my HTTPS callback gets suddenly blocked or shut down?" o "How does it handle Citrix?" o "Is the covert file storage automatically encrypted to C&C or is it plaintext or what?" o "Can I store exploit modules encrypted on the machine until the C&C asks for them to be used?" (http://www.securelist.com/en/blog/208193781/) o "Does it come with the ability to do raw socket injection on Windows 8 x64?" o "How do I write a MITM module?" -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- TNG Pen Test Tool Questions Dave Aitel (Oct 25)
- Re: TNG Pen Test Tool Questions David Maynor (Oct 29)
- Re: TNG Pen Test Tool Questions Rob Fuller (Oct 30)
 
 
- Re: TNG Pen Test Tool Questions David Maynor (Oct 29)


