I have been looking at several forums and one of the things that frustrate me the most is the lack of talk on the areas of proper target enumeration and intel gathering. Everybody is focused in running Nmap, fierce or any other host of tools and forget the true time basics of simply surfing the targeted client's site taking note of the contact information and sending someone from the attack team to do a physical recon, to look for:

• Wireless networks
• Trash disposal methods
• Physical security to the building
• Open and exposed Ethernet network ports
• Exposed USB ports
• Unlocked and unused machines

Last week Muts and the Remote-Exploit.org crew released the beta of Backtrack 3, many updates and some new tools. I have to say that I love this livecd distro, I like it specially for its flexibility for me to add new tools and packages and have it run from a USB stick. you can download the latest version from Remote-exploit.org

I highly recommend the USB version since it has some additional tools that the CD version does not have do to space, I added to my copy Oracle Instant Cclient, Tor, some ruby Gems and a couple of my own scripts on Python and Ruby. I also recommend reading the wiki for more info on this great Live Distro.

I work as a consultant for an IT company for 8 years, in the areas of security and networking. My nick is DarkOperator, I chose that name do to that a consultant that works doing pentests and audits in client networks acting like a cracker, I have to think and act as one, take my time, try to go under the radar, get in if possible and leave with out leaving a trace. I hope we both can enjoy my experiences in this blog.