At one point in time, Yahoo was FreeBSD down as was Hotmail. BSD usage is there it just doesn't have as big a footprint (http://uptime.netcraft.com/perf/reports/Hosters?orderby=os_name) and you have to understand the business market to understand why... People want support and with Linux, there is a better chance to find a distribution with pay for play support (Redhat, SuSE, etc) whereas the BSD's are mainly "you're on your own." During the late 90's I worked exclusively on clusters of FreeBSD and Solaris spread out over 200+ servers. Linux wasn't even a thought to any of us at the time. My personal server for my website is running FreeBSD (http://uptime.netcraft.com/up/graph?site=infiltrated.net). I moved away from Solaris because my machine was too big and bulky. When I threw up Infitrated I started with a NetraX1, moved it onto a Netra240, then took it off of the machine entirely because of the power consumption and rackspace abuse (was too big).

Usage of BSD is not as big as Linux or Windows but it is a rock solid operating system once you can get past the distro zealotry (my BSD is better than yours!). Each have specific uses - even though they all can do the same thing - with Open obviously focused towards security, FreeBSD being the "everything" of them all, Net being able to run on everything from a server to a toaster (http://www.embeddedarm.com/software/arm-netbsd-toaster.php). Many people are intimidated with BSD's and often get comfortable with INSERT_SOME_buntu Linux distribution. To me there are slight differences in the syntaxes for applications. Other than that, if you used one, you've used them all. That is with the exception of DragonFLY BSD which is aimed at keeping things *Linuxlike*

As I said before It all depends... It will depend on what your core targets are on the MAJORITY. For example, if you wanna be like somebodydynamik we know and travel all over the country from company to company, chances are you will WANT to know it. You're never going to be in the same environment so it is good to know as it will save you a lot of time and frustration. Now, if you have a core set of clients or work specifically on say a red/blue team for a corporation, you can slack off a bit. The answer is it seriously depends.

When I tinkered/tampered with QNX (Neutrino is strange), I did so because a client of mine had servers and desktops running it. QNX is expensive and has a unique learning curve but not too far from BSD+BeOS so it was easy for me to get a grasp on it rather quickly. Did I want to learn it, not really, but I was better off in the end because of it.

Tinkering with as many operating systems as you can from an ADMINISTRATORS perspective should give you enough to accomplish the most fundamental tasks to validate a pentest... Pop a box, escalate, leave a token, copy the password file, etc., you should know enough at least to run rudimentary commands (even a JR. Admin level suffices to some degree).

There are so many things to learn! But one of the BSD family is on my list of TODOs.

Again, my plan is to start using it for some tasks, like a web proxy or a victim machine in my lab running apache, or a database server, etc... I am in no rush, so I will use it to learn/do something else. Within a year or two, I should be able to know my ways around.

Which one should I start with? FreeBSD, OpenBSD or NetBSD? (I know it depends , but as a target machine for example?)

I understand why I should go after NetBSD and OpenBSD before FreeBSD, but why NetBSD first over OpenBSD?

Thnaks a lot Sil...

Open is rock solid for security. Even though its main author can be difficult and misunderstood, OpenBSD is my first choice at running secure ANYTHING just because right out of the box, one would have a hard time doing much against it. With that said, (difficulty) why waste time unless you're into BSDM + Hacking - you're looking at a mental beating attacking OpenBSD as an operating system. This does not exclude human error (misconfigurations)

FreeBSD + NetBSD have more flexibility installing applications and accomplishing things where as Open, you have to literally fight with it at times to compile things. It will spit out warnings against insecure software, won't allow certain calls to be made if done improperly. It's seriously audited which makes it a horrible move to learn anything from. IF ANYTHING, you learn that a proper framework and mental state leads to good security - which is what Open achieves above everyone else.

NetBSD before the both because if you're on a budget... Jesus, NetBSD will run on just about anything on this planet.

FreeBSD last because FreeBSD can be bloated and overwhelming with "wTH" kind of quirks that if one is not used to, would keep that person frustrated.

Bear in mind here, when I think of pentest on this forum and most of my posts, its not on a "fire and forget" method. I would hope some would take heed to things like defense as well. Offense isn't everything in fact, by understanding defense, you learn how to better build a better offense Make sense?

ALOT of time and dedication, an open mind, tight lips and confidence, mixed with a tad of paranoia