Penetration Testing mailing list archives
RE: pentest documentation
From: "Jason M Frey" <jmfrey () jcpenney com>
Date: Tue, 3 Oct 2006 09:07:03 -0500
On UNIX/LINUX console sessions, use "script" and output to a text file. Use the "date" command to output the date and time of events (prior to running a command).

On Windows use a screen capture program, such as Snagit, and perform a capture of the screen at periodic intervals. Snagit allows you to take a screen capture automatically at periodic intervals (every 1 minute, 30 seconds, etc.). It also does Video and Text captures. However, for video captures, Camtasia is a better option. Both are provided by TechSmith.

Always use the logging features embedded into the tools you are using. If you want to capture network traffic, Wireshark (formerly Ethereal) or tcpdump should be able to do this for you.

Use an md5 hash on the files or store in an archive (zip, rar, etc.) and md5 the entire archive. I recommend storing the files/archive on a CD using a Truecrypt (open-source) volume for encryption. This protects you and the client.

Jason

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of "Jürgen R. Plasser"
Sent: Monday, October 02, 2006 12:04 PM
To: pen-test () securityfocus com
Subject: pentest documentation

Hi All,

How do you document and log the pentest session itself? I want to document the pentest process in detail, not only for the customer, but for later reviews and to avoid legal difficulties.

What are the best tools to accomplish that or do you even record the sessions on video with a camcorder? Or some kind of screen recorder?

Thanks,
Jürgen

------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?campp1600000008bOW
------------------------------------------------------------------------
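The timestamped logging and archive hashing steps from the reply above, as an added shell example that is not part of the original thread. EVIDENCE_DIR and the function names run_logged, seal_evidence and verify_evidence are hypothetical, and GNU md5sum, tar and find are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original post. EVIDENCE_DIR and the three
# function names are hypothetical. For an interactive console, start
# `script -a "$EVIDENCE_DIR/session.log"` first, as the post advises.
EVIDENCE_DIR="${EVIDENCE_DIR:-./evidence}"

# Record a UTC timestamp (via date) and the command line, then the
# command's output and exit status, all appended to session.log.
run_logged() {
    mkdir -p "$EVIDENCE_DIR"
    log="$EVIDENCE_DIR/session.log"
    printf '=== %s $ %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*" >> "$log"
    status=0
    "$@" >> "$log" 2>&1 || status=$?
    printf '=== exit status: %s\n' "$status" >> "$log"
    return "$status"
}

# Hash every evidence file into MANIFEST.md5, archive the directory, then
# hash the archive itself. Keep the archive path outside EVIDENCE_DIR.
seal_evidence() {
    archive="$1"
    ( cd "$EVIDENCE_DIR" &&
      find . -type f ! -name MANIFEST.md5 -exec md5sum {} + |
      sort -k 2 > MANIFEST.md5 ) || return 1
    tar -czf "$archive" -C "$EVIDENCE_DIR" . || return 1
    ( cd "$(dirname "$archive")" &&
      md5sum "$(basename "$archive")" > "$(basename "$archive").md5" )
}

# Re-check the archive hash, then unpack to a scratch directory and
# re-check each file against the manifest. Returns non-zero on mismatch.
verify_evidence() {
    archive="$1"
    ( cd "$(dirname "$archive")" &&
      md5sum -c "$(basename "$archive").md5" >/dev/null 2>&1 ) || return 1
    tmp="$(mktemp -d)" || return 1
    rc=0
    { tar -xzf "$archive" -C "$tmp" &&
      ( cd "$tmp" && md5sum -c MANIFEST.md5 >/dev/null 2>&1 ); } || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

md5sum is used because it is the hash the reply names; sha256sum accepts the same arguments, including -c, if a different digest is wanted.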