Penetration Testing mailing list archives

Re: testing laptop based on bsd anyone

From: "Robin Wood" <dninja () gmail com>
Date: Fri, 10 Mar 2006 10:24:32 +0000

Sorry, I've just realised, the way that gmail was showing the links,
it had associated frenzy with warlinux in the post from jgervacio.
Obviously, warlinux is linux based!

Oops.

On 3/10/06, Robin Wood <dninja () gmail com> wrote:

Thanks for that Erin, that was what I was trying to get at.

Anyway, I've now got FreeBSD 6 installed and got my wireless card up
and running so I'm going to give it a try for a while and see how it
goes both as a pen-testing platform and as a day-to-day desktop
distro.

The comment at the top of the SourceForge page for Frenzy says
"A new linux distribution for Wardrivers"
but the second link goes to a page on the the freebsd site so I'll
give it a download and see. Hopefully it will point at some nice BSD
based tools that will increase the arsenal.

Robin

On 3/10/06, Erin Carroll <amoeba () amoebazone com> wrote:

Terry,

I wasn't speaking about the relative strengths of security measures within
an OS as a yardstick to determining viability as a pen-test platform. I was
observing that, given BSD's focus on secure code, it's strange that there
aren't more BSD-native tools available. There's a certain allure to BSD's
security focus for a pen-test platform. However, most of the better known
tools out there have multiple rpm/deb/portage (read:Linux) packages but very
few also have BSD ports available.. Which reduces BSD users to compiling
from source. With BSD's different lib and directory structures this can be a
pain to deal with at times. The lack of BSD-centric pen-test tools is
probably a combination of smaller mindshare/marketshare and the inherent
differences from Linux.

Having cut my teeth on OpenBSD back in the day I was hoping someone would
chime in with some suggestions on BSD distros tailored for pen-testing.
Someone mentioned Frenzy which I'll have to check out.

Plus I was trying to stop the helpful (but not list relevant) suggestions on
how Robin could fix his wifi drivers. There's better resources out there for
that kind of support and didn't want to clutter the list with such a
tangent. :)


--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: Terry Vernon [mailto:tvernon24 () comcast net]
Sent: Thursday, March 09, 2006 5:38 PM
To: 'Erin Carroll'; 'Robin Wood'
Cc: Woods_Beau () dkmc org; pen-test () securityfocus com
Subject: RE: testing laptop based on bsd anyone

I don't think security measures within a system have an after
effect on compiled auditing tools. This makes the decision
about which OS to use more specific to your hardware being
detected without too much hassle and choice of tools based on
platform.

-Terry

-----Original Message-----
From: Erin Carroll [mailto:amoeba () amoebazone com]
Sent: Thursday, March 09, 2006 6:00 PM
To: Robin Wood
Cc: Woods_Beau () dkmc org; pen-test () securityfocus com
Subject: Re: testing laptop based on bsd anyone

I still haven;t seen anyone really address what I thought was the most
interesting aspect of what Robin was asking by implication: BSD-based
pen-testing systems vs Linux-based. One would think that with
BSD's focus
on secure code and computing practices that it would be ideal for a
pen-test and security-centric launchpad... but I've seen very few
BSD-based distros or packages that weren't ports of Linux
apps. Are there
tings BSD is capable of doing due to system design that Linux
can't (or do
as easily) and vice-versa?

Personally I don't have an operating system preference as I'll use
whatever the best OS (tool) I need for the job at hand. That
being said, I
have run into cases where if something doesn't exist in the BSD ports
packages, getting a tool installed and compiled from source can be a
nightmare. YMMV

On Wed, 8 Mar 2006, Robin Wood wrote:

I had some time on my hands so just went for it and

installed FreeBSD 6.
The

base system starts up ok so now I've got to start loading

all the tools on

it. I've left plenty of drive space so I can dual boot

windows and linux
if

needs be so everything should be catered for.

Off to get wifi working...

Robin

On 3/8/06, Robin Wood <dninja () gmail com> wrote:


I had some time on my hands so just went for it and

installed FreeBSD 6.
The base system starts up ok so now I've got to start loading
all the tools
on it. I've left plenty of drive space so I can dual boot
windows and linux
if needs be so everything should be catered for.


Off to get wifi working...


Robin



On 3/8/06, Woods_Beau () dkmc org < Woods_Beau () dkmc org> wrote:



check out FreeSBIE -- They have a nice little live CD

that boots BSD.
They also have a live CD creator, so you can get BSD going
the way you want
it on your hard drive, then turn that custom distro into a
live CD.  That
could come in handy if you want to run Windows or something
else and don't
want to dual boot.


 -----
 Beau Woods
 Information Security Analyst
 DeKalb Medical Center
 (404)501-3825
 beau_woods () dkmc org






"Robin Wood" <dninja () gmail com>


03/07/2006 05:23 PM


To pen-test () securityfocus com

cc


Subject
 testing laptop based on bsd anyone








Hi
 I'm having problems with wireless pen-tests due to the

linux drivers

 for my wireless card and someone suggested trying one

of the BSDs.

 Does anyone here use BSD as a base system for

pen-testing from? I was

 going to go with FreeBSD as I have a little knowledge

of it already.

 Any tips, tricks or gotchas?

 Thanks

 Robin

--------------------------------------------------------------
--------------
--


 This List Sponsored by: Cenzic

 Concerned about Web Application Security?
 As attacks through web applications continue to rise,

you need to
proactively

 protect your applications from hackers. Cenzic has the most

comprehensive

 solutions to meet your application security

penetration testing and

 vulnerability management needs. You have an option to go with a

managed

 service (Cenzic ClickToSecure) or an enterprise

software (Cenzic
Hailstorm).

 Download FREE whitepaper on how a managed service can help you:
 http://www.cenzic.com/news_events/wpappsec.php
 And, now for a limited time we can do a FREE audit for

you to confirm
your

 results from other product. Contact us at request () cenzic com

--------------------------------------------------------------
--------------
--





  ________________________________

CONFIDENTIALITY NOTICE: This e-mail, including attachments,

is for the

sole use of the individual(s) to whom it is addressed, and

may contain

confidential and privileged information, including HIPAA protected
PHI. Any unauthorized review, use, disclosure, distribution, or
reproduction is prohibited. If you have received this

e-mail in error,

please notify the sender by reply e-mail and destroy this

message and

its attachments in its entirety.

--------------------------------------------------------------
--------------
--

This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to

proactively

protect your applications from hackers. Cenzic has the most

comprehensive

solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go

with a managed

service (Cenzic ClickToSecure) or an enterprise software (Cenzic

Hailstorm).

Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you

to confirm your

results from other product. Contact us at request () cenzic com

--------------------------------------------------------------
--------------
--



--------------------------------------------------------------
--------------
--
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with
a managed
service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm).

Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request () cenzic com
--------------------------------------------------------------
--------------
--


--------------------------------------------------------------
----------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you
need to proactively
protect your applications from hackers. Cenzic has the most
comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with
a managed
service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to
confirm your
results from other product. Contact us at request () cenzic com
--------------------------------------------------------------
----------------

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release
Date: 3/9/2006


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------

Current thread:

testing laptop based on bsd anyone Robin Wood (Mar 07)
- Re: testing laptop based on bsd anyone Ivan . (Mar 08)
  - Re: testing laptop based on bsd anyone Robin Wood (Mar 08)
- Message not available
  - Message not available
    - Re: testing laptop based on bsd anyone Robin Wood (Mar 08)
    - Re: testing laptop based on bsd anyone Erin Carroll (Mar 09)
    - RE: testing laptop based on bsd anyone Terry Vernon (Mar 09)
    - RE: testing laptop based on bsd anyone Erin Carroll (Mar 10)
    - Re: testing laptop based on bsd anyone Robin Wood (Mar 10)
    - Re: testing laptop based on bsd anyone Robin Wood (Mar 10)
- Re: testing laptop based on bsd anyone jgervacio (Mar 09)
- Message not available
  - Re: testing laptop based on bsd anyone Robin Wood (Mar 09)
- Re: testing laptop based on bsd anyone Chris Kuethe (Mar 10)
- <Possible follow-ups>
- RE: testing laptop based on bsd anyone Strand, John (Mission Systems) (Mar 08)
- RE: testing laptop based on bsd anyone Norbert Murzsa (Mar 09)