Bacon: A Framework for Auditing and Penetration Testing

Presented at DEF CON 13 (2005), July 30, 2005, 10 a.m. (50 minutes)

Nowadays there is a lack of adequate frameworks to make the lives of security consultants and pen testers easy. Many separate or integrated tools, such as automated penetration testing tools, improve their performance but aren't very useful for the real-world consultant. Also, some languages that are not too powerful and complex, like Python, make other tools hard to extend for the public in general. In reality, the need for a flexible, modular and extensible but also powerful kind of tool is growing in today's computer security scene due to substantial increases in the security, pen testing and code audit market. The goal of this paper is to motivate a renewed interest and present a solution, based on today's technologies, capable of handling real-world challenges and of being useful.

Bacon is an introduction to a generic framework for penetration testers and consultants. Bacon is an open source modular framework. Bacon's core component is developed in C# and is able to load modules compiled to run on the ECMA Common Language Infrastructure, for example C#, C++.NET, VB.NET, IronPython and others. So the core component, GUI and the modules are multi-platform. These modules would run on Windows using the Microsoft CLI or on Linux using Mono or another CLI implementation. Bacon's core also provides a set of facilities to generate custom reports, utility libraries and module communication. Current development of Bacon is focused on the core component and three modules: one for code auditing, another for web application auditing and the last for database auditing.

Presenters:

  • Hernan Gips
    Hernan Gips worked as a security consultant for 6 years in a top security consulting company in Buenos Aires, Argentina, doing both pentesting and code auditing for local and international companies. He worked as a developer and architect in many different technologies including C, C++, Java and .NET. Gips has been a speaker at many local conferences and two international conferences last year, G-Con in Mexico City and the other in Colombia. Gips has participated in some projects like msyslog.
