[Dailydave] TNG Pen Test Tool Questions

Rob Fuller jd.mubix at gmail.com
Wed Oct 30 00:37:35 EDT 2013


Meh, same questions are always asked of pretty much any purchase, IT or not.

1. Does it do what I need it to do (give me control of the system)
2. Is it reliable (switching protocols and comm methods is a technical
detail)
3. Does it have enough oomph (highly technical term, amount of
exploits/0day/MITM/Citrix voodoo)

I doubt very many pentesters will be asking for the features you have
described any time soon. I fear the day when pentesters start asking
FLAME/STUXNET questions like "Which $hardware/$software do you have a
backdoor in?"


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Fri, Oct 25, 2013 at 1:34 PM, David Maynor <dave at erratasec.com> wrote:

> And also "How many exploits does it have?"
> Not everybody is an exploit expert and someone in the chain of command will
> ask if your arbitrary value A is larger than competitors arbitrary value A.
>
> On Oct 25, 2013, at 11:54 AM, Dave Aitel <dave at immunityinc.com> wrote:
>
> > The future of penetration testing tools is coming up quickly, and all
> > the questions have changed on you.
> >
> > For example, it used to be that you would ask:
> >
> > o "How many exploits does it have?"
> > o "How fast can it scan a class B?"
> > o "Can it connect back over HTTPS?"
> > o "Can it bounce from host to host within the internal network?"
> > o "Can you automatically choose the right client side attack when people
> > connect to you?"
> > o etc
> >
> > But here are some of the ones we're asking the INNUENDO dev team, which
> > I think are representative of the post FLAME/STUXNET world:
> > o "Is the local persistence store configurable between the registry and
> > file system or other covert data storage?"
> > o "Can I reconfigure the callback protocol on the fly during a file
> > transfer - and does this automatically happen if my HTTPS callback gets
> > suddenly blocked or shut down?"
> > o "How does it handle Citrix?"
> > o "Is the covert file storage automatically encrypted to C&C or is it
> > plaintext or what?"
> > o "Can I store exploit modules encrypted on the machine until the C&C
> > asks for them to be used?" (http://www.securelist.com/en/blog/208193781/)
> > o "Does it come with the ability to do raw socket injection on Windows 8
> > x64?"
> > o "How do I write a MITM module?"
> >
> > -dave
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunityinc.com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave