Penetration Testing mailing list archives
A follow-up on Email Pen-testing
From: Blake <netspan () hotmail com>
Date: 30 Mar 2004 01:45:22 -0000
In-Reply-To: <1145.1080157357 () marajade sandelman ottawa on ca> I appreciate all the great ideas people presented on email pentesting. As a follow-up, when I asked the customer about sending trojans thru email as a part of penetration testing, they declined. As it turns out though, during the pen-testing, the customer did get a .pif trojan from someone else via email. Hence, their internal systems got infected / compromised from the Internet. --Oh, well. Damned if you do, damned if you don't. -Blake ###########
Received: (qmail 32532 invoked from network); 24 Mar 2004 20:57:54 -0000 Received: from outgoing3.securityfocus.com (205.206.231.27) by mail.securityfocus.com with SMTP; 24 Mar 2004 20:57:54 -0000 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing3.securityfocus.com (Postfix) with QMQP id BE4AEA3C41; Wed, 24 Mar 2004 13:45:35 -0700 (MST) Mailing-List: contact pen-test-help () securityfocus com; run by ezmlm Precedence: bulk List-Id: <pen-test.list-id.securityfocus.com> List-Post: <mailto:pen-test () securityfocus com> List-Help: <mailto:pen-test-help () securityfocus com> List-Unsubscribe: <mailto:pen-test-unsubscribe () securityfocus com> List-Subscribe: <mailto:pen-test-subscribe () securityfocus com> Delivered-To: mailing list pen-test () securityfocus com Delivered-To: moderator for pen-test () securityfocus com Received: (qmail 30483 invoked from network); 24 Mar 2004 13:32:46 -0000 To: pen-test () securityfocus com Subject: Re: Email Pen-testing In-reply-to: Your message of "Wed, 24 Mar 2004 01:10:00 CST." <1080112200.558.165.camel@localhost> X-Mailer: MH-E 7.4.2; nmh 1.0.4+dev; XEmacs 21.4 (patch 6) Date: Wed, 24 Mar 2004 14:42:37 -0500 Message-ID: <1145.1080157357 () marajade sandelman ottawa on ca> From: Michael Richardson <mcr () sandelman ottawa on ca> -----BEGIN PGP SIGNED MESSAGE-----"Frank" == Frank Knobbe <frank () knobbe us> writes:Frank> an Incident Response Exercise to test the response capabilities of a Frank> client. You are less concerned about getting root but instead try to Frank> operate stealthy or in an otherwise defined pattern, attempting to Frank> penetrate, but allowing others to take notes of the response Frank> procedures of the clients incident response team. Like, for instance, do the IT people even know who to call once they have "caught" you? In Canada, the responsability for "computer crime" devolved from the RCMP to the local police forces. Alas, the knowledge and experience did not get passed down. The Ottawa police, as competent as they are for most things, spends all their computer time tracking down child porn and stalkers. If you call them and say, "I'm from Corporation FOO, my firewall was compromised", they offer to send ... the fire department. So, in Ottawa at least, my conclusion is that there isn't a number that can be called anymore. - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQGHkrIqHRg3pndX9AQG4hQP/St4ihxRjdcZSYPne59pUM5//BI05iP1H zU7ZkqcbKvtqi6uKV08/xUxJldOeH9P7S7tM+NtfcEq0JNTYRKpj8q7IxLSgkd5g M+J4GM4T2k+QSBVPoG2aHAXpHrOZlSlDYWlyoqhF0gVCBf6tZoBs5aSsbgqWNa7P ZpEqgBErn9E= =Hrq3 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
--------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- A follow-up on Email Pen-testing Blake (Mar 30)