EH-Net
May 22, 2013, 08:51:33 PM *
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: niche pen testing on: February 07, 2012, 06:22:45 AM
Exactly what Maxe pointed out ... for example, reading RFCs and being an expert in one or a few protocols is my point. I have done some team-work pen tests and what I can say is that there are a lot of basics, working with out-of-box tools, using msf, Core Impact, Nessus. I think those tools should be used by security engineers inside the company.

I would think you can specialize in say Wireless communications, this would include Wi-Fi, Bluetooth and RFID.  

I don't think so. Wireless communications are much more than Wi-Fi, BT etc. For example, there are some known attacks on GSM and GPRS. You can attack it with available technology but this is not black-box expertise. Being that means that you can build your own attacks or slightly diversify current attacks. Both demand great knowledge in cryptography (especially in stream ciphers), cryptanalysis and also sound knowledge in physical quantities.

But trying to freelance, it may be much more difficult to get work.

This can be a matter of discussion. Anyway, I think that being a black-box http://en.wikipedia.org/wiki/Black_box expert should give you more work as a freelancer.
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / niche pen testing on: February 05, 2012, 03:59:05 PM
Hello.

Penetration testing covers lots of different segments (WiFi, SE, Web app, ...). I have been wondering, has anyone specialized in doing only one niche pen test segment (for example only RFID or only one type of web app; biometric access control etc.)?

Being a (black-box) expert and most of the time pursuing only one niche segment of pen testing could be beneficial.
3  Ethical Hacking Discussions and Related Certifications / Hardware / Re: device/system selection on: December 22, 2011, 02:57:54 PM
If I understand that right, you want the traffic needing to be watched to go out over the existing WAN connection without going through the existing border router? Can you create down time to set things up?

Yes.

Also I have time to set things up, it's not a continuous 24/7 process. For the beginning it would be OK if the device (tap) had an option to save filtered traffic and send it via SMTP every X hours. In that way the device could be plugged directly into the current switch. Of course I don't know if I can get such a smart tap device (having a laptop in the rack for that is not an option).
4  Ethical Hacking Discussions and Related Certifications / Hardware / Re: device/system selection on: December 16, 2011, 09:30:05 AM
Have you tried a tap?

Yes, an inline aggregating tap with a filter option is needed, but do I get a device with router capabilities? Traffic should be sent over WAN, but without intervention to the existing (primary) router.
5  Ethical Hacking Discussions and Related Certifications / Hardware / device/system selection on: December 15, 2011, 07:09:47 AM
What kind of device is best to use if I want to "duplicate" and transfer network traffic from one remote facility to another, where analysis will be done?

So I'm looking for the best "out-of-box" rack-cabinet appropriate device, sufficiently effective for being placed between switch and router.
6  Features / Book Reviews / advanced books on: September 14, 2011, 02:51:02 PM
Hello.

I'm looking for books that are more advanced and go further/beyond than Hacking Exposed, Counter Hack Reloaded etc. And also what I miss in pentest books are descriptions of more advanced techniques.

Thanks.
7  Features / Book Reviews / data encryption on: April 18, 2011, 10:34:06 AM
Hello.

I'm looking for books which have useful descriptions of not only software but also hardware devices for data encryption. A lot of books in the cryptography field are deep in mathematics and crypto systems. But what I need is everyday devices and programs for data encryption. I want to be familiar with out-of-box solutions for businesses and governments.
8  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Information Gathering on: October 17, 2010, 06:54:35 AM
I have tried Maltego V3, great tool.

One question: Is it possible to get a good book which will teach Python from the basics, but is focused more on Python scripting for data, text and web mining?
9  Ethical Hacking Discussions and Related Certifications / Wireless / Re: Does Mobile Security Deserve New Board? on: October 04, 2010, 06:00:07 AM
When do you think courses/tutorials/reviews will go forward with wireless security?

I still see a lot of content about WEP cracking and easy Bluetooth tricks. I think that today too many people use WPA2 and producers' added protections.

There are more and more apps for mobile phones, mobile OS, business wireless technologies etc. Maybe I'm wrong but I think that pentesting on wireless should be more focused on new software/hardware standards.
10  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Information Gathering on: October 04, 2010, 05:49:19 AM
Googling with "Open Source IG" has given me lots of results. It kept me busy for the weekend.

Before posting I was wondering how to go "beyond" information gathering, since I'm doing OSCP and already saw Chris Gates' presentation.

So thanks for replies, they have given me more to work on.
11  Ethical Hacking Discussions and Related Certifications / General Certification / Information Gathering on: October 01, 2010, 06:51:34 AM
Hello.

I haven't noticed any course or book about only information gathering (infrastructure & personal data). Also there are some non-official classes of penetration expertise (like exploit development, social engineering, malware analysis, forensics, wireless, etc.). Why is Information Gathering not a class for itself?
12  Features / Book Reviews / Re: [Article]-Hacking: The Art of Exploitation 2nd Edition on: September 11, 2010, 12:30:15 PM
Does anyone know when the 3rd edition will be released?
13  Ethical Hacking Discussions and Related Certifications / Incident Response / My "action" today on: August 30, 2010, 09:11:52 AM
Last week we had a problem with web browsing. Since I made static ARP entries on a few machines I knew that it was the same symptom as someone doing ARP poisoning. I started Wireshark, which showed massive activity on destination port 137 from one internal IP address (machine).

So for the weekend I made my computer vulnerable to ARP attack and set up XARP on it. Today when I was working, XARP started with a continuous alarm. I opened Wireshark to locate the IP address (it was the same as last week). Then I started NMAP to identify the computer brand and OS. At first I was sure someone had started C&A. So I went to the office where this computer was in use. It wasn't C&A; the computer of a young girl obviously has a lot of malware. I did netstat -an but didn't go checking IPs. Later I wanted to deliberately get an ARP attack from this computer, but it didn't show up. Only massive knocking on 137/138. I will make a fresh install of the OS on that computer.

So this is it. Have you been in a situation where someone used C&A and you detected it?
14  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Honeypot and IDS on: August 27, 2010, 05:57:22 AM
I am thinking about protection at the Operator Work station and HMI Web/DB server level. I believe (but I don't know yet) that the Operator Work station isn't segregated from the corporate network at small local plants in my area.

15  Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP exam in 1 week - Advice? on: August 26, 2010, 03:21:22 AM
Is Metasploit banned at the OSCP exam? I find Metasploit auxiliary scanners quite useful.
© 2013 The Ethical Hacker Network