http://www.tssci-security.com/archives/2008/01/09/day-3-itsm-vulnerability-assessment-techniques/ top secret/secure computing information Fri, 08 Aug 2008 19:11:10 +0000 http://wordpress.org/?v=2.2.3 http://www.tssci-security.com/archives/2008/01/09/day-3-itsm-vulnerability-assessment-techniques/#comment-3593 Marcin Wed, 09 Jan 2008 20:09:10 +0000 http://www.tssci-security.com/archives/2008/01/09/day-3-itsm-vulnerability-assessment-techniques/#comment-3593 Hey nblracer... Having a strong fundamental understanding of the protocols the tools are used for is necessary in knowing how to use the tool. For example, using an HTTP proxy to intercept requests and modify parts of the header, if you know rfc2616, you'll be able to get up and running with the tool no problem. Same goes for using a tool like ettercap and arspoof to perform a MITM attack and sniff traffic, where an understanding of routing and networking concepts and how ARP works is necessary to know how to use the tool effectively... Your comment has sparked an idea for us, in that we'll try to post use cases for the tools we discuss in between postings. Definitely take a look through our archives to get a better understanding of the kinds of research and work we do. More later, I'm inbetween flights. Hey nblracer… Having a strong fundamental understanding of the protocols the tools are used for is necessary in knowing how to use the tool. For example, using an HTTP proxy to intercept requests and modify parts of the header, if you know rfc2616, you’ll be able to get up and running with the tool no problem. Same goes for using a tool like ettercap and arspoof to perform a MITM attack and sniff traffic, where an understanding of routing and networking concepts and how ARP works is necessary to know how to use the tool effectively… Your comment has sparked an idea for us, in that we’ll try to post use cases for the tools we discuss in between postings. Definitely take a look through our archives to get a better understanding of the kinds of research and work we do. More later, I’m inbetween flights.

]]> http://www.tssci-security.com/archives/2008/01/09/day-3-itsm-vulnerability-assessment-techniques/#comment-3591 nblracer Wed, 09 Jan 2008 18:10:19 +0000 http://www.tssci-security.com/archives/2008/01/09/day-3-itsm-vulnerability-assessment-techniques/#comment-3591 I'm new to your blog; And not sure, or had time to dig though the archives, to see how things are done here. But i would like to see some walk though with these tools you mentioned. Just my two cents. I’m new to your blog; And not sure, or had time to dig though the archives, to see how things are done here. But i would like to see some walk though with these tools you mentioned. Just my two cents.

]]>