The Moroccan Geek

Des bits d'information qui enrichissent votre quotidien!

Monthly Archives: August 2010

The Good Pentester.

I was looking around for some stuffs about pentesting and I found an excellent article talking about how to get hired as a pentester.

Being a good (Perfect!) pentester doesn’t mean to just be able to run some tools, exploit some systems, and charge the client, but a good Pentester should have certain criteria and methodology of work and some fluency in communication and listening skills, to explain the problems and recommendations and be understood by the clients.
Master the tools and principles of testing is important, but understanding their approaches and methodologies is paramount, by having perfect knowledge of the OSSTMM (Open Source Security Testing Methodology Manual), the OWASP (Open Web Application Security Project), ISSAF (Information Systems Security Assessment Framework) and the guidelines on Network Security Testing by NIST.
Regarding certifications (CEH, CISM, CISA, MCSE, CCNA, CWNP …), they are not mandatory but favorable and desirable.
In addition to the technical side, the tester will have to meet clients and interact with them, with all confidence and with a professional strength of marketing and business, and should especially understand the value of the service he provide to the customer and respect the Non-Disclosure Agreements.

As there are many tools that perform the exact same function, the pentester must have its own customized list of tools that he had gathered and tested.


Android RootKit

Two security researchers From “Spider Labs”, have made the demo of a rootkit for Android At the Defcon, which once installed on a phone (either directly or via an application available on android market) allows the attacker to have a full root remote access to the phone. The connection is established by initiating an outgoing TCP connection via 3G or WiFi. The attacker could steal data, or control the phone.

This rootkit was developed in 2 weeks, and has been distributed on DVD to those who attended the conference, and possibly gonna be avaible on internet in the upcoming weeks, pushing the manufacturers to patch their phones and to focus more on their security.

GLIDE WebOS : Un Système d’exploitation accessible par internet avec 30Gb d’espace.

Similaire EyeOS ou iCloud, GLIDE Web OS est un système d’exploitation hébergé sur internet et qui vous donne accès à un environnement de travail et à des applications préinstallées (agenda, Courriel, éditeur de texte…)

Glide offre aussi à ses utilisateurs un espace de stockage de 30gb baptisé GDrive, et assure la confidentialité des données utilisateurs stockées sur ses serveurs puisqu’il ne les analyse pas.

Autre point positifs de Glide, c’est qu’il n’y a pas de limite de tailles pour les fichiers uploadé ce qui offre un confort pour ceux et celles qui veulent sauvegarder des fichiers importants sur cet espace !

les internautes peuvent acquérir des Go d’espace supplémentaires : 0,20 dollar par Go et par an !