I have been a subscriber to the Security Focus Pen-Test mailing list for a long time. Over the years the same questions keep coming up and I wish the moderators would stop letting them through. I have compiled my Top 3 Most Annoying questions on the Pen-Test list.

1. What's the best way to learn?/How do I set up a lab?
   This is essentially the same question with the same answer... Virualization. Use free VMWare server and download free tools and practice against your own machines, not other peoples without permission.
   
   
2. What's the best OS/Linux/Bootable CD for Pen-Testing?
   Backtrack - bootable or install it. Any Linux. Windows with Co-Linux or Cygwin.
   
   
3. How to I report a vendor vulnerability?
   OK this is just bragging or attention seeking. There is lots of doco on the net about how to do this.

And finally, I wish newbies (and not so newbies) would use Google before posting questions.

Labels: Security