
| Subject: | RE: Exploit Repositories and Due Diligence |
|---|---|
| Date: | Fri, 10 Jun 2005 02:22:00 -0200 |
Jeff,

I think that the source of the exploits you use is the most important thing. If you don't code it, it's important to review the code and to know that the exploit is really tested and comes from a trusted place (like securityfocus, k-otik, etc.). A lot of pen-testing distros like F.I.R.E, Whoppix, PHLAK, etc. are a good repository.

But I recommend always setting up a testing environment (if you don't have all architectures or platforms to probe, just mount a few virtual machines :D) and testing the exploit you download for yourself; it's always a good practice.

Like some people say, if you don't code you really don't know it.

Cheers

-----Original Message-----

From: Jeff [mailto:jb@jbware.net]

Sent: Thursday, June 09, 2005 11:20 PM

To: pen-test@securityfocus.com

Subject: Exploit Repositories and Due Diligence

I have a question regarding the use of exploit repositories (including projects like Metasploit, and compilations on bootable distros like Whoppix).

With all of the large exploit repositories used to make pen testing faster and easier, what methods do you use to ensure you've done your due diligence in not unleashing something actually harmful on your clients?

I have my own thoughts, such as googling and superficial|deep code reviews, but ultimately my concern is over the malicious hiding of intentions.

Thanks for any insights and suggestions.

- Jeff