Anyone tried it out, yet? I had to disable IO APIC to get the 64-bit ISO to boot in VirtualBox, and then tell the installer to not use "internet sources" to finish install. I won't have any real time to play around with it until this weekend, but looks good so far.

It's free, download here: http://www.openvas.org/install-packages.html#openvas_windows_gb

I haven't run it in Windows, but I run both the server and the client on a Linux laptop. The server is was actually does the scanning, and the client just manages the server. You can use OpenVAS-Client to manage a OpenVAS-Server, remotely or locally.

It doesn't look like OpenVAS-Server is supported on Windows (there is a Greenbone package available for the client only), so you will need a different place to run the server from, maybe a Linux VM would do the trick for you. You then have the option of running the client from the VM, or from Windows.

Hope that helps!

I've done a review of SEREPICK's Executive Kit (www.serepick.com), and I wanted to share it here.

http://www.jaxlocksport.com/?p=97

Let me know what you think!

I just realized that RaspberryPwn was created by pwnieexpress, so it should be a similar experience. I'll let you guys know if I get a chance to mess around with it, I have several Raspberry Pis to play around with.

Sorry for not providing a link on that. I somehow heard about Code2600 before Reboot, they both look like they will be excellent.

tturner, will do. I'm @hacksonville

Yeah, the Pwnie Express is pretty awesome, and looks like it's packed with features and a more powerful platform. However, you don't have the cost benefit of being able to forget about it and leave it behind, it's quite expensive.
If you get your hands on one of these, let us know!

I agree about reverse tunnel, I had thought of that, too. I just meant that if you keeping external traffic to a minimum to avoid detection, you could always pick it up later to get your results. Either way would be highly effective.

To further the idea, I was thinking that the device could often change its MAC address, IP, spoof other machines, etc. dynamically, to make tracking it difficult. If you were also doing some kind of network monitoring, you could look for events such as a network scan that isn't your own. You could then stop any active attacks and just watch a passive monitor. When it safe, resume the attack.

Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It's small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site.

There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It's easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it's still interesting.

Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs.

I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35).

Anyway, just an idea I had rolling around. Let me know what you think.

Looks like this is premiering at DEFCON, along with Code2600. Very excited to see both of these!

rance, Shmoo was pretty awesome. I wasn't planning on doing the lockpicking competition until you asked me. I had to spend the next 30  minutes picking as many locks as possible because I had been out of practice. If ShmooCon prompted me to start a TOOOL chapter, what kind of craziness is DEFCON going to spawn?

Don, do we have EH Net shirts, yet?

Wow, I missed it by a long shot. Abandoned Linux+, Network+, and Security+. Just passed CPTE a few days ago. Studying for CISSP, hopefully will attempt the exam within the next 90 days.

It's been a busy year for me so far, gotta catch up.

CEHv5 kicked my ass. I failed by 1 point (EC-Council was nice to enough to grant me the certificate anyway after I studied my ass off and was prepared to do a retake), and it was a long exam at a testing center. Mentally and physically exhausting.

CPTE was 100 questions, did it online, it's supposed to be open-book if you have the course materials, and the questions were a bit easier. There were also some bugs. I swear I got the same question twice (at least once), and there was one question that started with "Given the diagram below..." and there was no diagram.

Not sure if it's much of a feat, but I passed the Mile2 CPTE today.

This is a REALLY good book.

This is probably the best way to get a really thorough understanding of Linux. I absolutely recommend this, there is a step by step guide to help you through it.