Since I get asked a lot which tools I typically use for doing certain parts of testing, I’ve decided to compile a short list of stuff I might use in an engagement. They are….
Let me just say that I'm liable to use Backtrack in any phase.
Phase 1 Passive Reconnaissance
- Google (1st stop for passive recon), facebook, myspace, linkedin etc. (Find info on individuals)
- Netcraft (find passive info about web servers)
- Whois
- Geo Spider
- Google Earth
- HTTrack
- Webripper
- Wireshark (I use in almost every phase. I wanna see if their website is sending me any tracking goodies while I’m reconning it.)
- Paros (Same as above, plus I use it to study authentication methods, and other stuff on their sites)
Phase 2 Scanning
- Nmap
- Firewalk
- Hping
- Modem Scan
- THC Scan
- Tone Loc
- p0f
- Solarwinds
- TCPTraceroute
Phase 3 Vulnerability Research
- (I pretty much go manual here, but there’s always Nessus, ISS and others).
- I usually try and build something that looks as close as possible to my target, and practice exploiting them. I count this as part of my vulnerability research.
- Places I check are Secunia, Seclist, Milw0rm, Eeye, Metasploit.com, Securiteam, and a few others.
- Vendor websites.
Phase 4 Penetration/Hacking
Breaking in
- Manual exploit code
- Metasploit
- Core Impact (large scale: 5000 or more nodes to penetrate)
Password Cracking
- Kerb Crack
- Pwdump
- Cain & Abel
- John the Ripper
- Rainbow Crack
- Hydra
Trojans & Rootkits
- I usually make my own. But some good POC ones are Poison Ivy, Nuclear RAT, Netbus.
Phase 5 Going Deeper
- Dsniff
- Tcpdump
- Arpspoof
- Putty
- Recub
- Scapy (to trick devices and anything else which accepts or send packets)
- WebScarab (studying HTTPS and other secure authentication processes)
- IDA Pro (reversing any custom apps I find being used internally).
- Olly Debug (same as above).
- Yersinia (VLAN hopping, and other low stack level attacks)
Phase 6 Covering Tracks
- rm, delete, erase, etc. (obviously).
- Clearlogs
- Wipe utility
- ADS
- Winzapper (not a big fan, but when I have to…..)
Thanks Keatron! Had a great time in your class last week and learnt A LOT!
Rick. Glad to have you and congrats again on obtaining your CPT and CEH certifications. Keep up the good work!
Keatron.
Thanks
Just the step titles make sense as to how to begin.
Thanks sir for sharing.
Nice list, what advice would you give to someone who would be doing self study of CEH and wants to do more security stuff.
I am impressed by your presentation. I look forward to more of it.
@YakhOo. Thanks for reading. Sharing information is something of a passion of mine.
@Denny. While self study of some certifications is highly recommended, CEH is not really one of those. There is a ton of material, and you really need someone who 1. is skilled in pentesting and knows security, and 2. has the ability to relay LOTS of technical information in an easy to digest way in a short amount of time. But if I had to give a single recommendation, I would say spend time here, and ask questions. You'll have access to me and several other VERY skilled instructors and security professionals. Dan Hasted, Jeremy Martin, and Jack Koziol are all the best in the business, and they all three teach this course as well for Infosec Institute.
@Marcus. Much more coming my friend, we are just getting started!
Thanks for the information Keatron, look forward to more posts.
Interesting stuff, Keatron!!
However, what really differentiates your Infosec from SANS Institute? Is it your tools, skills, location?
How about the certs vs GIAC, for example GPEN? Which one is the best in the sec field or has the best ROI?
Your clarification would be very much appreciated since you're one of the most recognized figures.
@Bushman. We offer the best training from real world instructors who are actually professionals performing penetration tests and forensics investigations in real life. We specialize in smaller, directed and effective classroom logistics; for example you'd never see us have more than 15 to 18 people in a single class. I know all of our instructors personally, and we are all PASSIONATE about what we do. This shows up in our classes. Additionally our labs are very technical and require each student to do their labs. A good class for us is when a student says "Wow, I learned a lot and I can actually DO the things I learned about and saw the instructor do". A lot of students in other places come away saying "I saw a lot and was impressed, but I can't actually do any of the stuff I saw".
@Keatron
I read your views and I am really impressed. If you don't have any serious technical knowledge and you have started a career in security testing/penetration testing, then how do you start yourself and what are the things to learn first before going deep into testing? I have landed myself in security testing and I would like to know what technical knowledge is required in this field. Also I don't have a lot of programming knowledge, but to some extent.
Thanks
@Aravind.M
Well, my friend you already made a good first move by coming here. Start with this link.
http://resources.infosecinstitute.com/ideal-skill-set-for-the-penetration-testing/
What is the brief need of IPv6 in the CEH chapter scenario? What is so special with the combination of these 2 with 3G chemistry?
Surya, I don’t really get your question. Can you elaborate?
Thanks a lot for providing this information. Thanks.
I am really interested in CEH though I don't have much knowledge on security. I just got my CCNA certification, so I am thinking of following the path of security to strengthen my IT knowledge, but the constraint I am having is that getting a tutor in my country is quite expensive! So I want to know if I can get ebooks to study on my own so as to prepare myself for the exam….
Sean. Self study is certainly an option. As I alluded to in this post: <a href="http://resources.infosecinstitute.com/gaining-the-technical-skills-of-a-security-professional/">How to Learn Pentesting Skills</a>
Just know that it’ll take more time.
Good luck.
Greetings Keatron,
What is the best defense from penetration tools? What I mean is, is there a specific firewall, anti-virus, or HIPS that you would recommend?
Thank You