|
Ethical Hacker Community Forums
|
|
December 01, 2008, 04:31:35 PM
31
|
Ethical Hacking Discussions and Related Certifications / Other / Re: using backtrack as a daily use linux distro
|
on: September 16, 2008, 07:06:06 PM
|
|
As I have posted a number of times before, I feel people will be better off compiling their own attack distro. I completely agree with that and in fact I would be willing to say that anyone that could not do that will have a very limited career as a pentester.
However, I see nothing wrong at all with a beginner referencing a tool off of Backtrack to see how a tool should work as he is learning to compile and customize his own distro. I humbly disagree that Backtrack or other live CDs are not an OS and just a tool, especially when installed to the hard drive. Ubuntu is a live CD and I consider that a legitimate OS. As I mentioned before, Muts (whose skill level is highly respected) uses Backtrack as his main distro. A while back, as a fun project, I wanted to see how far I could customize Backtrack and was able with a little effort to customize it into a fairly decent distro that had every media and office app I wanted, etc. I should say that customizing it is different and a little more cumbersome due to its “module” approach. I asked Muts one time why he chose to use Slax instead of another distro that might be a little more universal in its approach. He responded that he chose Slax because of the ease of adding modules before burning the final live CD. That way you could customize your own live CD. Interestingly, he then told me he didn’t run it as a live CD because it was too slow and preferred a hard drive or VMware install. It makes me wonder if down the road he might migrate to something like Ubuntu.
That's just my perception of it and each person will have to decide what's best for them. I do think you can make a very strong case for compiling your own attack distro, even for casual use by an admin.
|
|
|
|
|
34
|
Ethical Hacking Discussions and Related Certifications / Certification / Re: Information Security Superstars - Cert advice
|
on: September 09, 2008, 07:09:30 PM
|
|
I actually liked silxp's post and enjoy people that post with a little passion, regardless if I agree 100% with them. I still maintain that a cert is only as good as the person behind it. So much depends on what you want to focus on. For instance, some doors will be completely closed to you if you don't have a CISSP. In other IT fields you might get along just fine without it. As he stated, take it with a grain of salt and mileage may vary. Thanks for taking the time to post your thoughts here, silxp.
|
|
|
|
|
35
|
Resources / Tools / Re: Nmap 4.75 Released, Gets Viz
|
on: September 09, 2008, 03:17:27 PM
|
|
Yes, that's true, and it amazes me that I have an aunt that is in her late sixties with little computer knowledge that uses Linux just fine! Oops, didn't mean to hijack this thread, lol!
|
|
|
|
|
36
|
Resources / Tools / Re: Nmap 4.75 Released, Gets Viz
|
on: September 09, 2008, 01:25:12 PM
|
|
Yes, I agree about the usefulness of a GUI for a demo. When you state that Linux wouldn't be where it is today if it didn't have a nice front end, I assume you mean public appeal? If so, I would say that's also very true. But as far as it doing much to facilitate hacking, I would say all the eye candy has not had much of an impact and in fact gets in the way sometimes. Command line is still the home for the hacker. Well, at least 80 to 90% of the time.
|
|
|
|
|
37
|
Resources / Tools / Re: Nmap 4.75 Released, Gets Viz
|
on: September 08, 2008, 09:18:01 PM
|
|
When Fyodor demonstrated some of the new aspects of Nmap at the last Defcon, the audience applauded. That actually surprised me considering the tradition of looking down on GUIs.
|
|
|
|
|
41
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question
|
on: September 05, 2008, 09:03:03 AM
|
|
Yes, I agree with both the above posts and I was attempting to acknowledge environmental variables. I just have a problem with blanket statements like "The argument that a person should use netcat over telnet or ftp is absurd." Every network will be different and might be subject to different regulation. For instance, if an admin feels his network is too unwieldy or perhaps his skill level isn’t up for the challenge, then perhaps the only safe solution is a more generic approach. I am sure we would all agree that in some environmental circumstances the use of tools like netcat would be acceptable and in others it might not be appropriate. If we claim to be hackers as well as network admin and not some “can't think outside the box” corporate suit, being intelligently flexible is a desirable quality and this approach reflects that. Just my 2 cents.
|
|
|
|
|
42
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question
|
on: September 04, 2008, 11:06:17 PM
|
|
I agree completely with Grendel's thoughts on this. To disregard a tool because it's either too much trouble to implement or it sets off an AV or OMG it’s known to be used by hackers is not a valid approach in my humble opinion. I know a number of very skilled admins that use netcat in their network environment as well as other scary “hacker” tools like nmap, nessus, etc… without any issues whatsoever. Why? Well, they are really on top of their security and have everything locked down very tight. Any extra activity from a dreaded hacker tool will be discovered quickly. Obviously an AV is not the only thing in place to monitor activity. However, making generic statements regarding the security of any network can be dangerous. Each situation is different, as well as the level of skill of those that have the responsibility of maintaining the flow of the network. Having said that, if tomorrow I get a call from one of these admins saying he got breached because he allowed the use of netcat (I highly doubt it), then I will obviously change my opinion, lol.
|
|
|
|
|