Re: testing laptop based on bsd anyone



Sorry, I've just realised, the way that gmail was showing the links,
it had associated frenzy with warlinux in the post from jgervacio.
Obviously, warlinux is linux based!

Oops.

On 3/10/06, Robin Wood <dninja@xxxxxxxxx> wrote:
Thanks for that Erin, that was what I was trying to get at.

Anyway, I've now got FreeBSD 6 installed and got my wireless card up
and running so I'm going to give it a try for a while and see how it
goes both as a pen-testing platform and as a day-to-day desktop
distro.

The comment at the top of the SourceForge page for Frenzy says
"A new linux distribution for Wardrivers"
but the second link goes to a page on the the freebsd site so I'll
give it a download and see. Hopefully it will point at some nice BSD
based tools that will increase the arsenal.

Robin

On 3/10/06, Erin Carroll <amoeba@xxxxxxxxxxxxxx> wrote:
Terry,

I wasn't speaking about the relative strengths of security measures within
an OS as a yardstick to determining viability as a pen-test platform. I was
observing that, given BSD's focus on secure code, it's strange that there
aren't more BSD-native tools available. There's a certain allure to BSD's
security focus for a pen-test platform. However, most of the better known
tools out there have multiple rpm/deb/portage (read:Linux) packages but very
few also have BSD ports available.. Which reduces BSD users to compiling
from source. With BSD's different lib and directory structures this can be a
pain to deal with at times. The lack of BSD-centric pen-test tools is
probably a combination of smaller mindshare/marketshare and the inherent
differences from Linux.

Having cut my teeth on OpenBSD back in the day I was hoping someone would
chime in with some suggestions on BSD distros tailored for pen-testing.
Someone mentioned Frenzy which I'll have to check out.

Plus I was trying to stop the helpful (but not list relevant) suggestions on
how Robin could fix his wifi drivers. There's better resources out there for
that kind of support and didn't want to clutter the list with such a
tangent. :)


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"


-----Original Message-----
From: Terry Vernon [mailto:tvernon24@xxxxxxxxxxx]
Sent: Thursday, March 09, 2006 5:38 PM
To: 'Erin Carroll'; 'Robin Wood'
Cc: Woods_Beau@xxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx
Subject: RE: testing laptop based on bsd anyone

I don't think security measures within a system have an after
effect on compiled auditing tools. This makes the decision
about which OS to use more specific to your hardware being
detected without too much hassle and choice of tools based on
platform.

-Terry

-----Original Message-----
From: Erin Carroll [mailto:amoeba@xxxxxxxxxxxxxx]
Sent: Thursday, March 09, 2006 6:00 PM
To: Robin Wood
Cc: Woods_Beau@xxxxxxxx; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: testing laptop based on bsd anyone


I still haven;t seen anyone really address what I thought was the most
interesting aspect of what Robin was asking by implication: BSD-based
pen-testing systems vs Linux-based. One would think that with
BSD's focus
on secure code and computing practices that it would be ideal for a
pen-test and security-centric launchpad... but I've seen very few
BSD-based distros or packages that weren't ports of Linux
apps. Are there
tings BSD is capable of doing due to system design that Linux
can't (or do
as easily) and vice-versa?

Personally I don't have an operating system preference as I'll use
whatever the best OS (tool) I need for the job at hand. That
being said, I
have run into cases where if something doesn't exist in the BSD ports
packages, getting a tool installed and compiled from source can be a
nightmare. YMMV





On Wed, 8 Mar 2006, Robin Wood wrote:

I had some time on my hands so just went for it and
installed FreeBSD 6.
The
base system starts up ok so now I've got to start loading
all the tools on
it. I've left plenty of drive space so I can dual boot
windows and linux
if
needs be so everything should be catered for.

Off to get wifi working...

Robin

On 3/8/06, Robin Wood <dninja@xxxxxxxxx> wrote:

I had some time on my hands so just went for it and
installed FreeBSD 6.
The base system starts up ok so now I've got to start loading
all the tools
on it. I've left plenty of drive space so I can dual boot
windows and linux
if needs be so everything should be catered for.

Off to get wifi working...


Robin



On 3/8/06, Woods_Beau@xxxxxxxx < Woods_Beau@xxxxxxxx> wrote:


check out FreeSBIE -- They have a nice little live CD
that boots BSD.
They also have a live CD creator, so you can get BSD going
the way you want
it on your hard drive, then turn that custom distro into a
live CD. That
could come in handy if you want to run Windows or something
else and don't
want to dual boot.

-----
Beau Woods
Information Security Analyst
DeKalb Medical Center
(404)501-3825
beau_woods@xxxxxxxx






"Robin Wood" <dninja@xxxxxxxxx>


03/07/2006 05:23 PM


To pen-test@xxxxxxxxxxxxxxxxx

cc


Subject
testing laptop based on bsd anyone








Hi
I'm having problems with wireless pen-tests due to the
linux drivers
for my wireless card and someone suggested trying one
of the BSDs.
Does anyone here use BSD as a base system for
pen-testing from? I was
going to go with FreeBSD as I have a little knowledge
of it already.
Any tips, tricks or gotchas?

Thanks

Robin



--------------------------------------------------------------
--------------
--

This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise,
you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security
penetration testing and
vulnerability management needs. You have an option to go with a
managed
service (Cenzic ClickToSecure) or an enterprise
software (Cenzic
Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for
you to confirm
your
results from other product. Contact us at request@xxxxxxxxxx

--------------------------------------------------------------
--------------
--




________________________________
CONFIDENTIALITY NOTICE: This e-mail, including attachments,
is for the
sole use of the individual(s) to whom it is addressed, and
may contain
confidential and privileged information, including HIPAA protected
PHI. Any unauthorized review, use, disclosure, distribution, or
reproduction is prohibited. If you have received this
e-mail in error,
please notify the sender by reply e-mail and destroy this
message and
its attachments in its entirety.





--------------------------------------------------------------
--------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go
with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic
Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you
to confirm your

results from other product. Contact us at request@xxxxxxxxxx

--------------------------------------------------------------
--------------
--




--------------------------------------------------------------
--------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with
a managed
service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm).

Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request@xxxxxxxxxx
--------------------------------------------------------------
--------------
--


--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you
need to proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with
a managed
service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request@xxxxxxxxxx
--------------------------------------------------------------
----------------

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release
Date: 3/9/2006



--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006





------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx
------------------------------------------------------------------------------



Relevant Pages

  • Re: testing laptop based on bsd anyone
    ... Hopefully it will point at some nice BSD ... I wasn't speaking about the relative strengths of security measures within ... As attacks through web applications continue to rise, ... vulnerability management needs. ...
    (Pen-Test)
  • RE: Sniffing a windows domain authentication
    ... Concerned about Web Application Security? ... As attacks through web applications continue to rise, ... penetration testing and vulnerability management needs. ... now for a limited time we can do a FREE audit for you to confirm your ...
    (Pen-Test)
  • Re: tcpdump reconstructor
    ... Concerned about Web Application Security? ... As attacks through web applications continue to rise, ... vulnerability management needs. ... now for a limited time we can do a FREE audit for you to confirm ...
    (Pen-Test)
  • RE: testing laptop based on bsd anyone
    ... Concerned about Web Application Security? ... As attacks through web applications continue to rise, ... penetration testing and vulnerability management needs. ... now for a limited time we can do a FREE audit for you to confirm ...
    (Pen-Test)
  • RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, he lp the cause
    ... supply of patches (Windows NT4/95/98) these systems should go offline ... Security is always a trade-off. ... This is how Linux and other ... Apache virtually owns the market with more than 60%. ...
    (Full-Disclosure)