Hi,

Two weeks ago, I took a very quick look at a Windows 2000 server having Remote Desktop wide open to the internet. In addition, many services were listening on known ports and 2 on some odd ports. Among these, a default IIS 5 installed, FTP anonymous access with write privileges, etc. Finally, the box has been forgotten and didn't get patched in the last year...

But I had no authorization to do any scans (other than using nmap), I can't put a sniffer nor can I review firewall or IDS logs. All I can do is to "remote-desktop" to it and have limited privileges. In addition, I am forbidden to use any "powerful" tools...

Meanwhile, I bump into an audio recording of a course about incident handling. The teacher gave a very, very long list of things to look at in order to find out if a system has been compromised.

I can think of probably 20 things I could check (review logs, firewall logs, sniffer, try to detect a rootkit, check users, etc), but I am looking for a checklist, so I won't miss things.

So because of the high probably of this server being already compromised, would any of you know about a check list of things to check to find out if a system was compromised?

My goal if to prove the system has been compromised, so these lazy %$?@#$ server admins would rebuild the box and secure it properly instead of saying "we have no evidence it's been hacked"...

Thanks!

Is this book about "computer-related" social engineering (getting access to a computer) or social engineering in general? I know the same exact concepts apply for both, but just as a curiosity.

I could use some practice on my wife right now... 

Hi Anquilas,

Being a programmer too, I also think Webgoat is good for doing an one hour demo to the other developers. Once you have gone through the exercises and understood them, you can decide to put it on a laptop and and demonstrate the main attacks to the others. I found this very effective to make the other developers realize the importance of validating user input, etc.

I personally think Webgoat is a good learning tool.

I am not ready to do pentests now. In a couple of years, if things go well, I know enough to do a good job (hopefully!!!).

Other then trying very hard to get experience by working with established professionals, when I will start, I will probably ask a bit less then all the others in order to build my name...

I currently own a company, but I am more in web development than anything else right now. But I do know how a business works. I will try to start doing partnership or work for another company just to see how this pentest business works.

Anyway, as i said, I still have a few years ahead of me and I know that patience is gold!

Man I like this forum! 

Now I can't wait to finish PWB!

For what I understood so far, I should:

• Get familiar with the intel x86 assembly language first
• Then pick a debugger/disassembler and get to understand how it works
• Get a few books on reverse engineering (mentioned above!)
• Get mixed in the RE community
• Practice, practice and practice...

It makes all good sense to me! I really hope what I have learned at university 10 years ago will come back to me quickly...

Thanks phn1x!

The thing that becomes more and more obvious to me, is to get 4 books, 2 tutorials and plenty of time!

n1p, I take good note of what you said.

Thanks again for your answers.

What I meant by:

Is the more things you have to know in order to perform a given job, the more difficult it is to find a person like that. In other words, the offer becomes lower and lower. Therefore, salary tend to rise a bit.

But thank you for your answers!

Wow, thanks former33t, you definitively bring a different perspective! But since no one can answer my very vague question, here is another one:

As a contractor, how much can an expert pentester charge per day?

As a comparison, in my web application world, a system architect on a contract with 7 to 10 years of experience will get around $675/day.

How this compare to a very good pentester? My feeling is the pentester needs to know more things than a system architect and therefore, should get more $$.

What do you guys think?

Thanks again guys,

Those these books also covert 64 Bit OS? I know the idea is the same between 32 bit and 64 bit, but you know...

Thanks for the review awesec!

It was indeed useful! As soon as I am done with PWB (OSCP), I will read this book.

Thanks zeroflaw!

I will probably start with "Reversing: Secrets of Reverse Engineering" since it looked good to me too.

And when I said "hand holding", I really meant the book explain at least a little bit what the 32 bit instruction pointer EIP is before playing with it. I wasn't looking at a "For Dummy" book!

On the same topic, do you use OllyDBG on Windows or another program?

Thanks

Hi everyone,

I am looking for a good entry-level reverse-engineering book. I have come across these books:

1) The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (2008)

2) Reversing: Secrets of Reverse Engineering (2005)

3) Hacking: The Art of Exploitation, 2nd Edition (2008)

4) The Shellcoder's Handbook: Discovering and Exploiting Security Holes (2007)

There are other ones, but these ones seem more popular.

I am a programmer and I took an x86 assembly language course 10 years ago (but I don't remember much!). I am looking for an introduction/hand holding book to start...

So, anyone into reverse-engineering?

Thanks for your answers.

That makes so much sense to reduce costs.

Unless there is a real emergency for a pentest, I would think the client will find it "too easy" if things can get done in 1 or 2 days. Also, it may be hard to bill $3000/day for pentesting. Regardless if the contract is per diem or per assignment, the client will do the math. Don't you think?

I read it too when I did my CEH, but it doesn't say much...

Anyone else have already done pentesting for a company?

Hey,

I am still quite new to the security field and someone asked me yesterday the question: "How much cost a pentest?". Althought the answer to this question is obviously "it depends", I realized I couldn't even answer with a price range. 

In addition, I was recently listening to a pentest security course and the teacher frequently mentioned that there are 2 kinds of pentesters: those who run Nessus and give the report they got and those who do it properly. So the following questions relate to a quality pentest, not just running a tool and printing the report.

For these 3 scenarios, what would be the effort (number of people, time) and the cost for a good test? I didn't give more details about these companies because we always have to give a price range without knowing much...

1) Small company of 10 employees.
2) A mid-size company of 100 employees.
3) A large company of 2000 employees.

My very humble rookie guess would be:

1) 1 person, 5 days, $2500
2) 2 people, 7 days, $7000
3) 4 people, 20 days, $40000

How far off am I? 

Thanks xXxKrisxXx, I appreciate it!

GPEN and GWAPT are a bit pricy for me at the moment, these are indeed very good alternatives!