RE: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE

From: Jerry Shenk (jshenk_at_decommunications.com)
Date: 02/11/05

  • Next message: marc spamcatcher: "Advice for a spread*** macro that calls home?" 
    To: "'Steve A'" <steve@logicallysecure.org>, <pen-test@securityfocus.com>
Date: Fri, 11 Feb 2005 11:13:44 -0500

    The whoopix live CD has a TON of stuff on it. You might want to throw
    that in your arsenal. Obviously it won't have everything but, it does
    have quite a bit. One downside for what you're doing is that the entire
    CD is an image so getting the files without booting the CD is more
    difficult. You might want to boot the CD, pull off the pentest library
    and put that uncompressed on another CD that could be easily popped into
    any running machine.

    http://www.whoppix.net/download.php

    -----Original Message-----
    From: Steve A [mailto:steve@logicallysecure.org]
    Sent: Thursday, February 10, 2005 8:52 PM
    To: pen-test@securityfocus.com
    Subject: WHERE DO YOU KEEP YOUR EXPLOIT ARCHIVE AND DATABASE

    Please excuse this pen testing admin type question . . . .
     
    We are looking to undertake a series of penetration tests in areas that
    preclude easy access to the internet (you know searching etc on the way
    in and limited media movement both in and out).
     
    Now, although we keep our proven exploits with us on read only media, I
    was wondering how others manage to identify what is exploitable and what
    is not especially as you never know what you are going to find.
    Basically, I am looking to build a database (hosting software tbd) and
    was looking to see how others have tackled the problem of so many
    exploits/vulnerabilities being out there and knowing what notices to
    include and what to exclude.
     
    Thanks
     
    Steve A

  • Next message: marc spamcatcher: "Advice for a spread*** macro that calls home?"
    • Quantcast