I wouldn't hesitate to look for intermediate-level security positions.  It would be beneficial if you had additional certs to get past HR filtering, but if you look for smaller companies you can often get past that - large  companies are a completely different beast.

The 6 years of experience doing IDS is enough to qualify you for something other than entry-level slots, even if it was part time.  Getting into a Sr. position is much tougher, though... just keep that in mind and keep improving your skill set.  Also, load up on HR fodder (disclaimer:  I don't think certs prove anything, but it does get interviews, whether people like to admit it or not... so just bite the bullet and get the certs).

I would rather use the best tool for the job, and if that means going through hoops, so be it.


Telnet has a nasty habit of intercepting characters it considers to be commands intended for the telnet application, thus corrupting the data stream.  Also, it will inject data into the stream as well.  With netcat, none of this happens - what you see is unadulterated.

When dealing with a switch, you won't see much difference using telnet over netcat.  However, once you proceed pass simple shell account access activities, netcat really shines.  As to the use of netcat within the context of this topic, I did state outright that the use of netcat was a tangent to this discussion.  Sorry if you thought I implied it was related to the discussion... my bad.


If all we're talking about is shell access, than I will definitely fall back to the original argument that ssh should be implemented.

Yeah, so did I - my solution was to use a VM to get around the AV.

As geekyone posted, netcat can be excluded from anti-virus rules.  Plus, I think symantec is the only av company that's put it on it's default quarantine list (I may be wrong on that one).

The argument still stands, though, that netcat is a better tool than telnet, especially with the ability to process raw traffic.

I'm curious what you see as the advantages telnet have over netcat.

FTP itself may or may not be a threat, depending on the contents of the FTP files and exploitability of the FTP app from within.  You can also set up FTP to be anonymous, in which case this argument is dead.

Telnet itself isn't necessarily a threat - it's the use of telnet to log into a system (ok, technically, it's the transmittal of username and password in cleartext, but you get the idea).  If you intend to allow remote logins, you might as well dictate in the corporate policy that ssh be used.  And if you go that route, you might as well require putty to be used for file transfers.

FTP and telnet (for logging in) are obsolete protocols in 90% of the cases today, and the alternatives are certainly not difficult to implement.  Also, on a tangent, I am baffled why people continue to use telnet in the first place - netcat is much more powerful, and doesn't have the problem of data manipulation that telnet has (...steps off soap box).

I see the incognito mode invaluable on public systems, especially schools, libraries, etc.  It may not do much for privacy across the network, but when someone is done at a public terminal, they'll feel a lot more secure walking away from an incognito session than what happens currently.

The Chrome EULA is being changed:

http://www.mattcutts.com/blog/google-chrome-license-agreement/

Strange that I haven't bumped into this site before - Kev's post hit google, which is how I found it.  I'll definitely be around, and will certainly keep everyone up on the latest pentest livecd releases.

- Tom W.

Kev -

I'm the guy behind the de-ice.net pentest disks, and wanted to thank you for the well-written post and kudos.  It's good to see some people are starting to realize pentesting is so much more than simple vulnerability tests; but obviously there is a lot more work that needs to be done to educate the masses (especially those with a "C" in front of their title or a lot of metal on their shoulders).

I caught that you tried the first two disks, and will agree with you that they can be plowed through pretty quickly by any seasoned pro.  However, you should give the lvl 2 disk a shot - quite a bit more difficult.    We do have a lvl 3 disk in development, but again it will not include known exploits (serious emphasis on "known").  That should be out right around the holiday season (we all need a distraction around that time of year, especially when in-laws are in town, eh?).

Again, thanks for the kudos, and please don't hesitate to contact me with any suggestions / comments / war stories.

- Tom W.