[Dailydave] TNG Pen Test Tool Questions

David Maynor dave at erratasec.com
Fri Oct 25 13:34:57 EDT 2013


And also "How many exploits does it have?"
Not everybody is an exploit expert and someone in the chain of command will ask if your arbitrary value A is larger than competitors' arbitrary value A.

On Oct 25, 2013, at 11:54 AM, Dave Aitel <dave at immunityinc.com> wrote:

> The future of penetration testing tools is coming up quickly, and all
> the questions have changed on you.
> 
> For example, it used to be that you would ask:
> 
> o  "How many exploits does it have?"
> o "How fast can it scan a class B?"
> o "Can it connect back over HTTPS?"
> o "Can it bounce from host to host within the internal network?"
> o "Can you automatically choose the right client side attack when people
> connect to you?"
> o etc
> 
> But here are some of the ones we're asking the INNUENDO dev team, which
> I think are representative of the post FLAME/STUXNET world:
> o "Is the local persistence store configurable between the registry and
> file system or other covert data storage?"
> o "Can I reconfigure the callback protocol on the fly during a file
> transfer - and does this automatically happen if my HTTPS callback gets
> suddenly blocked or shut down?"
> o "How does it handle Citrix?"
> o "Is the covert file storage automatically encrypted to C&C or is it
> plaintext or what?"
> o "Can I store exploit modules encrypted on the machine until the C&C
> asks for them to be used?" (http://www.securelist.com/en/blog/208193781/)
> o "Does it come with the ability to do raw socket injection on Windows 8
> x64?"
> o "How do I write a MITM module?"
> 
> -dave
> 
> 


