Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pentesting through the Tor Network
Posted by: qreck
Date: January 19, 2011 09:49PM

As a good penetration tester, you should consider hiding your IP address after it has been determined that the target utilizes dynamic shunning to block the attackers’ source IP address. Also, the mere threat of a upcoming penetration test can travel around an IT staff like the plague. Eventually, you will run up against Network Administrators trying to cover their a$$ by setting up a firewall rule to block your authorized test IP. If so, here is a slick way around it!

http://securitystreetknowledge.com/?p=283

Options: ReplyQuote
Re: Pentesting through the Tor Network
Posted by: lightos
Date: January 20, 2011 09:29PM

I would not recommend doing any testing using Tor since the traffic can be sniffed and viewed by others, putting your clients at risk.

Options: ReplyQuote
Re: Pentesting through the Tor Network
Posted by: PaPPy
Date: January 22, 2011 10:02AM

also at times it is slow as fuck.

when it comes to testing, the longer you take, the better of the change of being detected.

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: Pentesting through the Tor Network
Posted by: qreck
Date: January 22, 2011 10:48AM

Well the trick with improving speed is to try to pick the fastest ExitNode in the country you wish to be in. However, has any one noticed that often the fastest ExitNodes are in the US and tend to be near areas of state-sponsored cyber-defense institutions? Makes me a bit suspicious after I do a GeoIP lookup and it is sitting somewhere in Virginia, Colorado, Texas. Or have I gotten way to paranoid?

Options: ReplyQuote
Re: Pentesting through the Tor Network
Posted by: id
Date: January 24, 2011 04:46AM

no, you're not, paranoia is good

-id

Options: ReplyQuote


Sorry, only registered users may post in this forum.