@ 09:27 PM (75 months, 1 day ago)
Philippe

I am not sure what you are after, but if it is knowledge you seek, then the best way is to walk the walk and play with the tools.

However, with so many out there you need to give yourself boundaries, or you will never reach a milestone.

I was always told you should learn an OS like you administer it on a day to day basis. Then learn another one to the same level (industry would dictate a Windows and a *nix OS would be key starters).

Then learn a language you can use - i.e. one that you will take forward and use in your day to day work. If you want to develop your own exploits or understand the ones you are using then look at C++ or C#. Perl is a common language as is awk, and both can be used to automate your testing and daily routine. Personally, I find Fedora Core an excellent base OS and I use many shell scripts to automate and gather the information I want/need.

As to tools, I always believe you should play and understand every tool in your box, else you run the risk of breaking your targets at inopportune times, through misuse of your cmdline.

To add to your toolset, I would suggest:

THC-Hydra (http://www.thc.org/download.php?t=r&f=hydra-5.2-src.tar.gz) is an excellent brute forcing tool (I never got great results with Brutus)

AMap (http://www.thc.org/download.php?t=r&f=amap-5.2.tar.gz) - I know this is sort of in nmap but I like to run it separately.

GFI (www.gfi.com) - Their LANguard Network Security Scanner (NSS) is good, but I believe version 3.3 was the best for identifying Windows epmap and domain info as the more recent version has much less 'public' information.

Cain & Abel (http://www.oxid.it/cain.html) is very good for sniffing and capturing data for pen testing purposes - as well as a load of other handy functions

Finally, although a crippled demo, BiDiBLAH http://www.sensepost.com/research/bidiblah/ (from Sensepost) is a good tool that can be used to gather open source data about targets (if you are looking into your info gathering procedures).

To add to your websites, www.milw0rm.com is very good for open source remote, local and DoS exploits. Up to about 2 days ago I would have suggested www.frsirt.com, but they closed their public exploit repository :-( .

While I am not sure you are into books (as your list doesn't include any), any of the Hacking Exposed series are very handy when stuck, or just looking for a break from the screen.

Steve A
stevearmstrong<at>logicallysecure.com

________________________________
From: b1ivrj77
Sent: Thu 16/03/2006 06:00
Subject: Penetration tool kit

I have read over the internet, books, PDFs and talked with a lot of people about security, hacking, cracking and pen-testing. Every time we always talk about the "Personal tool kit" that every one uses, may it be a complete or incomplete tool kit, the best or worst, we all have some tools we like to use. Well I don't.

I wouldn't say I'm new to security but I can be so bold as to say, I'm good with theoretical knowledge but pretty poor with practical ones. I want to start a few pen-tests on my own machine (to learn stuff up) at home and I'm not afraid of reading or learning things. But finding the right tool for the right job is for me the most difficult task in security.

I see two approaches to my problem and I can explain them both with: "Give a man a fish; he is fed for a day. Teach him how to fish, he is fed for life".

I would like to know where I could find info & tips on a Pen-tester toolbox. And I do favor knowledge over script-kidding.

Here is the knowledge tool box I have:

www.insecure.org
http://www.securityfocus.com/
http://www.sans.org/
http://www.isecom.org/
http://www.networkintrusion.co.uk/hacking.htm
http://www.iss.net/
http://www.defcon.org/
http://www.snort.org/
http://www.blackhat.com/
http://www.whitehatsec.com/

For the tool part, I know:

Nessus
Nmap
Nc (netcat)
Ethereal
Hping2
Brutus
Enum+AccessDiver (got that one today from a previous email, really happy)
Nbtscan

I use a Windows based laptop and my most trusted Mandriva based laptop (linux)

Any help would be greatly appreciated.

Philippe Rivest
A security student (self student)