Ethical Hacker Community Forums
January 09, 2009, 06:11:17 AM
|
Show Posts
2
|
Resources / Tools / Re: Boss!
|
on: January 26, 2007, 02:09:11 PM
|
|
That just minimizes the windows that you have open. Boss will not only minimize them but will remove them from your taskbar so that they are virtually not detectable without going into Task Manager and looking for the running processes.
3
|
Resources / Tools / Boss!
|
on: January 26, 2007, 10:33:01 AM
|
Don't know if anyone will have any use for this, but it is a pretty cool tool to hide open windows with the click of a single key on your keyboard. It's called Boss! and you can check it out here: http://www.rohitab.com/boss/index.html
4
|
Resources / Tools / Favorite Sniffer/Protocol Analyzer
|
on: January 26, 2007, 09:53:17 AM
|
|
I know a lot of people will say Ethereal/Wireshark to this question because it is probably the best free analyzer you can get, but I was wondering what sniffers/network protocol analyzers some of you use and like. I currently use Wireshark and have some experience with Network General's Sniffer Pro. Anyone have any comments, good or bad, about any others out there, free or commercial grade? If so, what do/don't you like about them?
5
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Finding Originators IP of a mail sent using Gmail Web Interface
|
on: January 26, 2007, 09:38:32 AM
|
|
I might be wrong, but I don't think you can get the actual IP address of the sender through mail headers. I know that you will get the IP of the Gmail mail server in the headers but will not get the actual user's IP: because they connect through a web interface and send mail from there, the source IP will be Gmail, which does you no good as you already know that. Also, even if you do get the end user's IP, most likely it will be registered to their ISP, which may not even be in the same area, and not them. You will run into the same problem with their ISP giving out details as to the actual destination of the IP. At least in the US they tend not to give out information without some kind of law enforcement being involved.
6
|
Resources / Tools / Re: Net scanner
|
on: January 24, 2007, 09:00:20 PM
|
Foundstone has a pretty big list of free tools for you to use as well. I use GFI and it is pretty good, although it is a commercial scanner. Nessus has been ported over to Windows; if you download Nessus 3 from www.nessus.org you can run it on XP. I think it is the best vulnerability scanner there is, free or commercial, just my opinion. Nmap will run on Windows also. One thing I would recommend is to try and learn these tools on Linux, as they will allow you to learn that OS, which is far superior for hacking, or try a bootable Linux distro such as BackTrack, which will already have those tools on it. You can find a lot of tools on Windows but the assortment of tools for Linux is far greater, and most of them are free, which is a bonus (sorry to get off topic).
8
|
Resources / Tools / Re: Net scanner
|
on: January 24, 2007, 11:14:35 AM
|
|
If you are talking vulnerability scanner, I would use Nessus; if you are just wanting to port scan, I would use nmap.
9
|
Ethical Hacking Discussions and Related Certifications / Other / Re: local admin victory at last
|
on: January 23, 2007, 01:45:44 PM
|
|
Good practice to get away from users being local admins. Internally on our network we do the same thing. The only difference is that we have all users either running in the power users group or the standard users group. If someone needs local admin rights to run a certain application, then we created a user on their system and put it in the local admin group the same as you did. We then have them use the "run as" option to run their app by doing the "shift ctl right click" and selecting run as. It then prompts them to enter their local admin user ID and password and runs only that app as that user. This keeps our users from logging in as local admin, running their apps and forgetting to log off. Just a thought for you.
13
|
Resources / Career Central / Re: So, pentester, what do you do?
|
on: January 09, 2007, 07:46:39 AM
|
|
For me a lot of time is spent in the upfront work of the sale as well as the actual testing. We have the sales staff to do it, but the actual testers are always involved in the sales process from the beginning. We do everything from the proposal, billing, testing, report writing, and presentation; our sales staff only gets the leads. In some of the larger organisations they have staff dedicated to some of this stuff as well as dedicated people to write or help review their reports, so I am assuming that if you get into a larger consulting firm you would get more face time testing. On the other side, if you ever want to go out on your own you will need the other skills as well. I would say that I spend on an average week 30% testing, 20% selling, 25% report writing/presentation and reviewing others' reports, and 25% work in lab environment testing tools and methodologies and reviewing information similar to this forum and others. On average I am doing 2 or 3 internal tests a month at 3 - 4 days each and 4 or 5 external tests from the office coming across the internet at their firewall and public facing DMZ.
14
|
EH-Net / News Items and General Discussion About EH-Net / Re: New Here
|
on: January 08, 2007, 05:19:12 PM
|
|
Thank you all for your reply. We do pen testing and IT auditing for Financial Institutions and Medical Firms for compliance to HIPAA and FFIEC regulations that recommend them to have internal and external penetration testing by a third party organization. Most of our clients are small to medium sized community banks or credit unions. We established our security consulting roughly 2 or 3 years back as kind of a spin off of our normal core business. We are lucky enough to offer other products to our customers, which already gives us a foot in the door, and what I believe to be the biggest factor in selling consulting services to our customers, which is trust. Since we started we have found that the bulk of our work is now coming from word of mouth and repeat business from previous clients that we have done testing for, which is the core to being successful in this industry. As far as tools that we use:
Port Scanners - nmap, solarwinds (used for multiple purposes), hping
Firewall Testing - nmap, hping, firewalk
Scanners - Nessus, GFI Languard, Sara
Web Application Scanner - Web Inspect, Nikto
Password - Cain, John, Rainbow Tables, Sam Inside
Brute Force - Hydra, Brutus, tsgrinder, tscrack
Sniffer - tcpdump, wireshark/ethereal, Network General Sniffer Pro
Wireless - Kismet, NetStumbler, Aircrack suite of tools for cracking WEP etc...
Exploit Tools - Metasploit, CANVAS, for bigger jobs we will buy a consulting license of Core but the majority of them we do not due to cost.
Bootable Linux - BackTrack
I am sure I missed some but the above is what I would call the core tools that we use. Of course there are several others that we use in different situations as well as manual methods of compromising systems without running automated tools.
And the best tool of all "Google". Just kidding, but I have found in my researching that there is an unlimited amount of information out there and if someone looks hard enough they can normally find anything they want if they are patient.
ChrisG - We are always looking to hook up with other people to contract out services to. Unfortunately where we are located we lose out on a lot of work due to travel expenses for us to get to the location. We have tried to form partnerships with other companies that have consultants across the US but they all charge for the name, and a lot of the smaller banks are tightly budgeted and won't spend the money to have a big consulting firm come in.
Kev - I would be happy to share and compare notes with you. Always interested in learning more, and from reading the forums there are a lot of really talented people here.
Thanks
15
|
EH-Net / News Items and General Discussion About EH-Net / New Here
|
on: January 08, 2007, 01:37:36 PM
|
|
Wanted to let you all know how informative and educational your posts on this site are. I have been browsing the forum for a few months and wanted to introduce myself. I have been involved in pentesting for a few years, working with small to medium sized financial and medical firms. Hope I can contribute to this forum in some way to help others with my experiences and knowledge gained along the way. Keep up the good work and excellent job to all on this forum.