New Here

<<

shawn

Newbie

Posts: 15

Joined: Fri Oct 20, 2006 3:38 pm

Post Mon Jan 08, 2007 2:37 pm

New Here

Wanted to let you all know how informative and educational your posts on this site are.  I have been browsing the forum for a few months and wanted to introduce myself.  I have been involved in pentesting for a few years, working with small to medium sized financial and medical firms.  Hope I can contribute to this forum in some way to help others with my experiences and knowledge gained along the way.  Keep up the good work and excellent job to all on this forum.
CEH, CCNA, Security+
<<

don

Administrator

Posts: 4260

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon Jan 08, 2007 3:23 pm

Re: New Here

Welcome and we look forward to your participation. It's great to have someone with actual pen testing experience contributing to the conversation.

To start, how about sharing with us a little more detail (as much as you can) about what it is you do, the tools you use, wild experiences, etc.

Thanks for coming out of the shadows,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Mon Jan 08, 2007 4:07 pm

Re: New Here

Welcome!

I know I am always interested in how to land pen-testing type employment if you have time to go into that.

Chris
<<

Kev

Post Mon Jan 08, 2007 4:28 pm

Re: New Here

Welcome aboard! Sounds like we are involved with similar clients.  It might be fun to compare notes.
<<

shawn

Newbie

Posts: 15

Joined: Fri Oct 20, 2006 3:38 pm

Post Mon Jan 08, 2007 6:19 pm

Re: New Here

Thank you all for your reply.  We do pen testing and IT auditing for Financial Institutions and Medical Firms for compliance with HIPAA and FFIEC regulations that recommend them to have internal and external penetration testing by a third party organization.  Most of our clients are small to medium sized community banks or credit unions.  We established our security consulting roughly 2 or 3 years back as kind of a spin off of our normal core business.  We are lucky enough to offer other products to our customers which already gives us a foot in the door, and what I believe to be the biggest factor in selling consulting services to our customers which is trust.  Since we started we have found that the bulk of our work is now coming from word of mouth and repeat business from previous clients that we have done testing for which is the core to being successful in this industry.  As far as tools that we use:

Port Scanners - nmap, solarwinds (used for multiple purposes), hping
Firewall Testing - nmap, hping, firewalk
Scanners - Nessus, GFI Languard, Sara
Web Application Scanner - Web Inspect, Nikto
Password - Cain, John, Rainbow Tables, Sam Inside
Brute Force - Hydra, Brutus, tsgrinder, tscrack
Sniffer - tcpdump, wireshark/ethereal, Network General Sniffer Pro
Wireless - Kismet, NetStumbler, Aircrack suite of tools for cracking WEP etc...
Exploit Tools - Metasploit, CANVAS, for bigger jobs we will buy a consulting license of Core but the majority of them we do not due to cost.
Bootable Linux - BackTrack

I am sure I missed some but the above is what I would call the core tools that we use.  Of course there are several others that we use in different situations as well as manual methods of compromising systems without running automated tools.

And the best tool of all "Google".  Just kidding but I have found in my researching that there is an unlimited amount of information out there and if someone looks hard enough they can normally find anything they want if they are patient. 

ChrisG -
We are always looking to hook up with other people to contract out services to.  Unfortunately where we are located we lose out on a lot of work due to travel expenses for us to get to the location.  We have tried to form partnerships with other companies that have consultants across the US but they all charge for the name, and a lot of the smaller banks are tightly budgeted and won't spend the money to have a big consulting firm come in.

Kev -
I would be happy to compare notes with you.  Always interested in learning more and from reading the forums there are a lot of really talented people here.

Thanks
CEH, CCNA, Security+
<<

slimjim100

EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Mon Jan 08, 2007 9:25 pm

Re: New Here

Welcome aboard Shawn!

Brian
AKA Slimjim100
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

shawn

Newbie

Posts: 15

Joined: Fri Oct 20, 2006 3:38 pm

Post Tue Jan 09, 2007 8:54 am

Re: New Here

Thanks slimjim
CEH, CCNA, Security+
