Re: Newbie Hacker Tools

[AdMod <admods () gmail com>]

Hi Ed,
 Take a look at Auditor (http://remote-exploit.org/?page=auditor) bootable CD 
tool collections. It has a good collection of security auditing tools.
 Also, subscribe to pen-test () securityfocus com. A lot of discussion specific 
to penetration testing and security auditing are going on there. You may also 
just go through the recent mails in their archives. A worthy discussion about 
the tools were going on in the last few weeks.

All the Best!
Regards,
 Sunjith

On Thursday 06 January 2005 07:16, Edmond Chow wrote:
> Hello all,
>
> My name is Ed and I run a technology consulting company.  I have begun
> offering computer security audits to my clients and, as I am not
> experienced in hacking, have been subcontracting this work out.
>
> The written reports that I have received back from the hackers leave much
> to be desired!  Not knowing too much about intrusion detection but
> realizing that when almost nothing is found wrong (from a security
> viewpoint) with a client's network, I am in big trouble!  Either the hacker
> does not have the experience to find any problems or there really are not
> any problems.
>
> On my first few audit assignments, I was barely able to break even as I had
> to hire two independent hackers for each  i.e., a second hacker had to be
> hired to give me an independent assessment of the network.  I then cut and
> pasted the two reports into a final "acceptable" one.
>
> I am at a crossroads where I can either give up on the security audits or
> learn to do them myself.  I have chosen the latter and was hoping to get
> some help from experts like you.  I realize that I will have a steep hill
> to climb but I feel confident that I can learn enough to be much more
> proficient that the hackers that I am currently paying.
>
> I'm really confused about what tools I need in my "toolkit" for
> Windows-related audits.  I've heard a lot about Nessus as a freeware
> program but am confused when I go on the nessus.org site and see that it
> might not be free.  Other programs I've heard of include nmap, SAINT, Newt.
>
> And, perhaps, there are tools out there (either free or not) that would
> provide me with an "audit in a box?"  I'm guessing that the pros have a
> select few tools of the trade that they use.  You've listed a bunch of
> tools on your site as well.  I realize that ethical hacking is an art and
> that no two hackers will use exactly the same tools but I am hoping to
> learn to use the tools they most often use.
>
> Thanks for any help that you can shed on this subject.
>
> Regards,
>
>
> Ed