Back in January, I presented on "Ethical Hacking" at the Upstate SC ISSA Chapter's monthly meeting (www.upstate-issa.org). I'm not a fan of the "Ethical Hacking" term myself (I think of Jack Daniel and his "reluctant CISSP" label here - blog.uncommonsensesecurity.com), but we discussed the evolution of the term over the last five years or so, along with the rise of the Certified Ethical Hacker (CEH) and other similar certifications. The main focus of the presentation was to introduce attendees to the final release of BackTrack 4 and the numerous tools it offers for penetration testing, ethical or not, along with each step of pen testing as outlined within the BackTrack 4 menu itself:
- Information Gathering
- Network Mapping (typically my favorite section as a non-recovering Nmap addict)
- Vulnerability Identification
- Penetration
- Privilege Escalation
- Maintaining Access
While unfortunately our presentation was limited on time and we weren't able to cover some of the great services BackTrack 4 offers, like the automated Snort installation or vulnerability assessments using OpenVAS, we were able to wrap up with examples of our friend Metasploit and the Social Engineering Toolkit. I've been a longtime fan of BackTrack going back to the Whax/Auditor and BT1 days, when it was easier to say BackTrack than Knoppix 'STD' without someone laughing. BackTrack 4 is by far the most useful release we've seen to date from the Remote Exploit gang (remote-exploit.org) and it makes up for any issues or deficiencies that might have existed in BT3 (not that I'm saying there were any). Such love and incredible craftsmanship went into this distribution without question.
Hint to New BackTrack Users - Just don't forget to enable BackTrack 4's network service using sudo start-network. I can't tell you how many different systems I originally tried using the BackTrack 4 BETA on, thinking the newer network cards weren't supported in BackTrack 4. No words of frustration were intentionally directed at BackTrack 4 or the Remote Exploit folks during this time.
A copy of the presentation slides can be found at
http://members.nuvox.net/~mholcomb/training/ISSA/Ethical%20Hacking%20-%20Bacics%20to%20Advanced%20Techniques.ppt.
Tuesday, March 9, 2010