.

Is it true?

<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Tue Jan 31, 2012 12:04 am

Is it true?

SO I watched that TV show on NATGEO tonight on the NSA: Inside the NSA.

One of the interesting things that one of the people said that "there is 68,000 hacking tools out there".

Do you think there is that many or was he exaggerating a bit?  Just wondering.
Security+, Network+, C|EH, CHFI, CPT
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Tue Jan 31, 2012 12:44 am

Re: Is it true?

I've never heard a number put on how many tools there are.  I'm curious as to where they got that number, or how they came up with it.  Not sure how'd they come up with a number like that either.  Or if they account for custom tools people make and throw up on their sites that aren't that widely used.  Or if they differentiate between tools created/used by blackhats or ones created/used by pentesters (LOIC vs Metasploit).  Or tools that aren't even being supported/updated/used anymore.

Hmm...curious.  But I don't doubt that there was a bit of exaggeration used there.
Last edited by lorddicranius on Tue Jan 31, 2012 2:13 am, edited 1 time in total.
GSEC, eCPPT, Sec+
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jan 31, 2012 2:18 pm

Re: Is it true?

But it was on the NatGeo channel so it must be true  ;D For almost all types of hacks, you generally don't need more than 100 tools, as a lot of tools are multi-purpose tools.

Anyway, if they count in all the tools from the beginning till now, including various stealers, bots, viruses, trojans, etc., then 68k is actually wrong, but without viruses, worms, trojans, etc. and only manual tools (+ automated scanners), 68k could be right if you as previously mentioned include stealers, bots, rats, and of course, copies of these that goes under other names but are actually 100% the same version.

If you count an exploit, for a tool, which is generally is as it's a piece of code that you can run, and use as a tool to e.g., exploit an ftp service and thereby gaining access to the actual server, then 68k may sound more reasonable.

It really depends on how you look at it, because anything from a script to a stealer can almost be classified as a tool somehow, thus 68k isn't really that much.

If you count in all the variants of trojans, etc. then you could probably say 300k or even more (probably a million?)  ;D No idea, I think it's either a random number they came up with that sounds cool or from an official report that isn't accurate  :)
I'm an InterN0T'er
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Tue Jan 31, 2012 10:08 pm

Re: Is it true?

Whoa, hold on a sec, Inside the NSA?! Please tell me it will be on again, I will find cable to watch it.
sectestanalysis.blogspot.com/‎
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Wed Feb 01, 2012 11:05 am

Re: Is it true?

MaXe,

NATGeo never lies, nor does the internet.  So if it's on the internet then it must be true since Al Gore made the internet. 

It was just an interesting comment.  I don't know what the definition of the "hacking tool" that he presented and where he got that number.  Maybe you are right about the whole exploit as a tool.  Maybe that's where he got it from.  I doubt this guy was a worker and physically sat at the computer and stopped an attack.  He was just the overall supervisor it looked like.

Very interesting TV show.  I DVR'd it.  Save for later.  They had a few shots of computer screens and I want to see what they are using.  I did see Linux.

Seph,

It should be on a few times later this week.  Check out NatGeo online and seeif you can watch on their site or on Youtube.
Security+, Network+, C|EH, CHFI, CPT
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Feb 01, 2012 12:00 pm

Re: Is it true?

Well, EH.net alone has nearly 50k members. If you consider a script or small program to be a tool (and why wouldn't you!?), you're close to that number if everyone has written one at one point or another. I've written several "tools" myself ;)

And unlike me, Sil has 10 legitimate ones: http://infiltrated.net/index.php?option ... &Itemid=18

Iron Geek has a lot: http://www.irongeek.com/i.php?page=security/code

And so on. I regularly come across blogs that have a dozen nifty utilities that I've never heard of before.

For as broad as they're making it, 68k is probably low. It's not like they're talking about tools on par Metasploit (which arguably contains hundreds itself), Nmap (the same could be said with NSE), etc.
The day you stop learning is the day you start becoming obsolete.

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software