Happy Friday!

I was reading the "Metasploit: The Penetration Tester's Guide" and discovered some new techniques to compromise systems or escalate privileges (such as token impersonization). However they used Metasploit modules for it. Since PWB course doesn't permit Metasploit how could we achieve the same effect with what is allowed to us. Please let me know your thoughts and feedback on this. Thanks all.

Hello All,

Can someone familiar with these products summarize how these 2 products compare?

My understanding was that WebInspect is heavily used for automated testing but then I also notice that Burp Pro has the scanner option which appears to do the same thing.

Any thoughts?

Thanks very much!

Thanks for sharing your views. I have seen people using the term "Low Hanging Fruit". Any tips how to identify these?

Thanks for posting your inputs. I like your views on the port 80 stuff.

PWB course discourages using tools like Nessus and Metasploit for exploting the lab machines. I am fine with it. My question is what should be the approach to find the vulnerabilities. Do you follow any pattern or just go through each service and test them manually? I appreciate if someone can give insights on how much time to spend on each host. The course examples use ftp fuzzing but I am not sure how to apply that technique to other services/ports that are open. Please share your thoughts.

Your recommendations look solid - no doubt. I was envisioning something like Encryption/Decryption as a course that covers all widely implemented platforms into one umbrella. You know there is cost factor too

Hi Everyone!

I was wondering if there is any course focused on encryption/decryption techniques and methods. Something like practically applying BitLocker, EFS, SSL, for Windows. I am sure there would be similar services available for Linux/Unix platform as well. I googled it but couldn't find much. Please share if you have additional information.

Thanks so much!

Thanks all for your inputs. Looks like the ballpark figure is around $1200 - $1500.

Hello All,

I need some recommendations buying a laptop solely for security activities such as pentest, owasp testing, malware analysis, forensics and incident response. I do understand there is a need to run multiple VM's, memory intensive tools, etc. Please let me know your thoughts.

How about the dell alienware? Has anyone tried that?

Thanks in advance.

I came across this site recently. I felt it is very well laid out.

http://www.pentest-standard.org/index.php/Main_Page

Have a good one.

MeXe - Thank you very much for your inputs. So it appears the following strategy would be a good start.

1. Pick a host, scan for all TCP ports. Of course with timing options enabled.
2. Repeat step 1 for all the remaining hosts.
3. Pick a host, scan for all UDP ports.
4. Repeat step 3 for all the remaining hosts.
5. Selectively run -sV after analyzing results from step 1 through 4.

Does that sound correct?

Hmm...as I am writing this a question pops.

How do I manage the output? database? text file? greppable format?

Thanks in advance!

Thanks members! Guess will have to do some reading on nmap performance.

Would you prefer to do the scans in little pieces and store the output in database? OR would you prefer greppable output format in text files like say per IP or something...

Hey All - Looks like I need some inputs in planning my nmap scan. Say I have 100 hosts to scan, what's the best way to go about it. I mean I would like to comprehensively scan for all 65000 odd ports both TCP and UDP. Appreciate any tips, tricks, suggestions...

Some more updates on this.

This time I made sure wireshark is enabled while performing the nmap scan, to my strangeness 192.168.xx.0 doesn't show up in the capture. It's however displayed in the nmap output.

I will try it couple more times today and see if I can spot anything.