Re: Best ROI Combination - Metasploit & Training

[Arch Angel <arch3angel () gmail com>]

Josh,

If you have time I would like to discuss, offline, your setup and how 
you run/setup things to accomplish this same goal.  My original goal was 
to use Open Source where I can, but one of the things I knew going into 
this was that world wide we are deploying QRadar very soon so whatever 
work I do now I want to work with that.  I don't want to spend all this 
time building a program only to start over with something else once 
QRadar is deployed.  Hence the reason I reached out to the community for 
others opinions and advice.

Let me know offline if you have time to talk and how to reach you.

--

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel


On 12/11/12 1:38 PM, Josh More wrote:
> I don't think Nessus and Nexpose is comparing apples and apples.   The 
> full Security Center compares more fairly to the full Nexpose line.
>
> Personally, what I like about Nessus is that, when paired with 
> Metasploit community and a few other tools, I can cover 90% of what 
> Nexpose + Metasploit Pro gives me for a substantial reduction of the 
> cost.  It takes a bit more time perhaps, but I find that my 
> understanding of what's truly going on is greatly improved.  Then, 
> when you add webby tools like BurpSuite Pro, you can boost your 
> capabilities beyond what Nexpose can do (at least the last time I 
> checked).
>
> That's not to say, of course, that my way is right for everyone. It's 
> just that I've found that the advantages that tools like Nexpose and 
> Core give a team over their open source equivalents are generally 
> useful for experienced teams.  For inexperienced teams, I've more 
> often found them used as crutches that hinder the learning process and 
> I think it's an awful lot of money to pay for a disadvantage.  Given 
> the success of those tools in the market, it may well be that my 
> experiences are in the minority.
>
> In case it helps anyone else, my paid tools are Nessus, BurpSuite Pro 
> and Maltego. Everything else I use is free and open source. This works 
> well until that approach gives you full coverage (which takes a long 
> time for smaller / less mature organizations), then the more expensive 
> tools can accelerate your approach or give you a wider range of coverage.
>
> -Josh More
>
> On Tue, Dec 11, 2012 at 9:10 AM, Arch Angel <arch3angel () gmail com 
> <mailto:arch3angel () gmail com>> wrote:
>
>     Honestly Albert, I can't say that I have a legitment "reason" per
>     say.  I have found, in my experience, to get the full benefit of
>     Nessus you really need Security Center and the other products, but
>     in general that's not a real reason, just a personal opinion.  I
>     have just seen NexPose as a better product over all, in look,
>     feel, and acurancy. However, again this is just my opinion I
>     really don't have a reason outside personal preference I guess.
>     I'm not opposed to diving deeper into Nessus and learning the
>     advanatges or capabilities though.
>     Robert
>     (arch3angel)
>
>     On Tue, Dec 11, 2012 at 9:51 AM, Albert R. Campa
>     <abcampa () gmail com <mailto:abcampa () gmail com>> wrote:
>
>         stand alone Nessus does integrate with Qradar.
>
>         I really like Nessus as a scanner and also as you say, using
>         audit files.
>
>         SANS training like 560 or 542 are both good, offsec training
>         is great as well.
>
>         im interested to know why you dont like Nessus as a
>         vulnerability scanner?
>
>
>         On Mon, Dec 10, 2012 at 6:37 PM, Arch Angel
>         <arch3angel () gmail com <mailto:arch3angel () gmail com>> wrote:
>
>             I would like to thank everyone for the advice and
>             suggestions, it is truly appreciated and welcomed!
>
>             I cannot go into detail as to the company or the status
>             but I can say that in my region we are looking to build a
>             ground up program and are under Visa, MasterCard,
>             Discover, and ISO guidelines / requirements.  We currently
>             have Nessus, which till I walked in had not even been
>             installed.  As a matter of fact I asked which machine it
>             was on, the reply was "Well we couldn't get it licensed
>             because it would have required a firewall change and
>             that's a hassle so we just never installed it".  Needless
>             to say it is installed and I'm working through the trials
>             and tribulations of red tape to get it to do more for us
>             than host discovery.  That being said I absolutely love
>             Nessus but not as a vulnerability scanner.  I like it
>             automating configuration checks, custom audit files,
>             checking Active Directory items, etc..  I prefer NexPose
>             for vulnerability and NexPose seamlessly integrates with
>             Q1 Labs, QRadar SIEM, which I am not sure Nessus does.
>              QRadar is coming down the pipe from corporate before too
>             long.
>
>             I also prefer to invest in good people rather than tools
>             which, as mention above, have a tendency to sit in the
>             virtual bookshelf collecting virtual dust if the people
>             don't know how to use them. This may end up being answered
>             based on $$$ over the 2013 calendar year.  Unfortunately I
>             was not part of the 2013 budget plans, so it may end up
>             being nothing till 2014 :-(
>
>             For example, I am in the process of building a wireless
>             auditing program based on Kismet, and off the shelf
>             hardware.  This is actually working quite well so far
>             during testing!
>
>             -- 
>
>             Thank you,
>
>             Robert Miller
>             http://www.armoredpackets.com
>
>             Twitter: @arch3angel
>
>
>             _______________________________________________
>             Pauldotcom mailing list
>             Pauldotcom () mail pauldotcom com
>             <mailto:Pauldotcom () mail pauldotcom com>
>             http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>             Main Web Site: http://pauldotcom.com
>
>
>
>
>     _______________________________________________
>     Pauldotcom mailing list
>     Pauldotcom () mail pauldotcom com <mailto:Pauldotcom () mail pauldotcom com>
>     http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>     Main Web Site: http://pauldotcom.com
>
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com