Security Basics mailing list archives

Security Awareness Training


From: John Brightwell <brightwell_151 () yahoo co uk>
Date: Tue, 1 Jul 2003 15:31:22 +0100 (BST)

This is going to be one of those "Mmmm is he a
would-be bad guy" type emails...

I want to get hold of precompiled/scripted exploits
that I can demonstrate in a security awareness course.


I'd set up a victim client, a victim server and an
attacker system.

With this I can demonstrate how browsers can be
manipulated, cookies read, XSS exploited, crafted doc
and pdf files downloaded/emailed to gain access to the
system.

Of course, I want to do all of this for the minimum
effort ... I don't have the time (and probably not the
skill) to code the exploits myself.

I want to do all of this in-house so I can't use
externally hosted exploit demonstrations (I have no
intention of connecting my demo setup to any other
internal network or an external network - certainly
not the Internet)

So does anyone have examples of exploits - preferably
ones that demonstrate the exploit in a dramatic
fashion but without doing any damage (I'd rather not
have to rebuild the machines for every demo). 

The security awareness is actually aimed at my IT
department - but relates to user desktop security.

I only really need a few exploits - the idea being to
demonstrate that the vulnerabilities that I describe
are *real* and not just a figment of my paranoid
imagination. I have a devil of a time convincing them
to keep the applications up to date with security
patches.

I may go on to demonstrate to users as well, as this
could temper how they use the Internet and Email (and
it will be useful for their home usage of the
Internet).

If anyone's done this already I'll be grateful to just
get a copy if that's possible.

Thanks

P.S. Anyone got any groundbreaking Security Awareness
solutions?



