.

What OS and Encryption

<<

millwalll

Post Sat Jun 18, 2011 5:05 am

What OS and Encryption

Hi all,

I have been using my Mac and BT5 in Virtual machine up until now. I recently went on a course and for some reason the Virtual Machine would not hold the static IP address what caused me many problems when trying do scans.

So I was thinking of dual booting My mac with another OS and using that as my attacking platform.

Question?
What OS do people use ? I have seen a few pen tester use ubuntu and I think this would be my logical choice since I am used to BT.

Does anyone know if you can dual boot ubuntu with a MAC OS?

Or are there other OS that I should look at ?

Also I have seen a lot of pen tester encrypt there hard drive what the best tool to do this ?

I have heard some companies use mac ports with a mac has anyone done this ? if so how easy is it to update tools ?

Many thanks
<<

cochese86

User avatar

Newbie
Newbie

Posts: 10

Joined: Wed Jun 08, 2011 6:43 pm

Post Sat Jun 18, 2011 8:53 am

Re: What OS and Encryption

Hi Jamie,

Just curious why you wouldn't continue to use BT5 and dual boot with the Mac?

Here's a link on dual booting OSX and Ubuntu (which should work for BT as well).

https://help.ubuntu.com/community/DualBoot/MacOSX
<<

millwalll

Post Sat Jun 18, 2011 10:12 am

Re: What OS and Encryption

Thanks a lot of companies wont let you use Backtrack some can be a little fussy about it.
<<

Ignatius

Jr. Member
Jr. Member

Posts: 91

Joined: Sun Mar 22, 2009 9:51 am

Post Sat Jun 18, 2011 11:06 am

Re: What OS and Encryption

Jamie.R wrote:Thanks a lot of companies wont let you use Backtrack some can be a little fussy about it.


That's interesting - do you mean companies that engage to you do a pentest against their system or companies that employ you as a pen tester to attack others' systems?  I would have thought that, if you are employed as a pen tester to attack a system, it wouldn't matter what tools you used, providing you abided by the agreement in terms of how far you're allowed to penetrate and what you are allowed to do when you have done so.
<<

millwalll

Post Sat Jun 18, 2011 2:34 pm

Re: What OS and Encryption

Yah me too some companies are funny about it as they like to know you have installed and built all the tools and no one put anything dodgy in it.
<<

cochese86

User avatar

Newbie
Newbie

Posts: 10

Joined: Wed Jun 08, 2011 6:43 pm

Post Mon Jun 20, 2011 3:26 pm

Re: What OS and Encryption

I suppose I could understand that.  Have there been reports of that in the 'wild?'  You still have to download and compile all your tools if you use a more generic distro.
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Tue Jun 21, 2011 1:30 pm

Re: What OS and Encryption

Jamie.R wrote:
I have heard some companies use mac ports with a mac has anyone done this ? if so how easy is it to update tools ?

Many thanks





The best tool to encrypt you HDD I would have to say Truecrypt
CCENT, A+, Network+, Security+
<<

Methodikal

Newbie
Newbie

Posts: 10

Joined: Tue Nov 16, 2010 10:10 am

Post Wed Jun 22, 2011 3:33 pm

Re: What OS and Encryption

I'm running a BT5 VM on my Mac. I keep my IP address by setting the VM to bridged mode.
Got EIP?
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jun 22, 2011 4:02 pm

Re: What OS and Encryption

I use a mix of Win7 VM, SamuraiWTF VM and BT5 baremetal and a couple of CentOS 5 VMs I use for infrastructure support when necessary (like SMTP, FTP, etc). My laptop currently boots with BT5 and VMware Workstation but I also have Ubuntu and Win7 boot disks I can swap out when BT5 gets stupid. All my VM's are also backed up on an external USB 3.0 disk I can run off if need be. I store test data on external http://www.mxisecurity.com/ drives that can be remotely wiped if lost or stolen and I routinely wipe after every major test.

The one hole in my setup is that tool output is not as protected as it should be but I try to move results out of those directories and onto my encrypted drive as quickly as possible and then I shred the unencrypted info. For tools that store in a database format I don't have a great solution, but when possible I will use direct database access to purge sensitive info. Ideally I would store the db on external encrypted drive and redirect application paths to those DB's or use FDE. I just have not gotten that paranoid yet.

In the past, I ran Ubuntu and encrypted my home directory with Truecrypt but I have not set that up yet on my BT5 install. I'm currently looking at some other FDE options. I'm open to ideas. I do have a PGP 10 license I can use for WDE but it does not officially support newer versions of Ubuntu so have held off there. I may just have to pull the trigger and see what happens.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software