RE: Blind penetration testing

From: Sanchez, Scott (Scott.Sanchez@gs.com)
Date: 10/02/01


Message-Id: <E81CDB637D61D511A92800D0B7E4C9D803C0E094@gsny30e.ny.fw.gs.com>
From: "Sanchez, Scott" <Scott.Sanchez@gs.com>
To: 'Trey Mujakporue' <tmujak@lucent.com>, Pen-Test <pen-test@securityfocus.com>
Subject: RE: Blind penetration testing
Date: Tue, 2 Oct 2001 14:55:10 -0400 

You are entering risky territory, IMO. You open yourself up to liability by
potentially scanning/hacking another company's resources. I would put this
engagement into multiple phases.

Phase 1: Blind *identification* of company's resources (DIG, nslookup,
whois, d&b, etc.)

After Phase 1 is complete, you go back to the company with your findings.
They then check off the IPs, hosts, domains, locations, etc. that they
authorize you to assess along with an agreement that has been reviewed by
both sides.

Phase 2: Actual testing of authorized resources.

-Scott

DISCLAIMER: My 2c, opinions are mine and do not necessarily reflect those of
my employer or anyone else.

-------------------------------------
Scott C. Sanchez, CISSP
Technology Project Manager

Goldman Sachs Group, Inc.
Information Security Department
1-212-357-9070 (x7-9070)
-------------------------------------

-----Original Message-----
From: Trey Mujakporue [mailto:tmujak@lucent.com]
Sent: Tuesday, October 02, 2001 10:50 AM
To: Pen-Test
Subject: Blind penetration testing

I'm about to start work on a completely blind penetration test for a client.
The only information I have been given is the company name. From this I can
get their corporate web site and from there do a DIG for more company info
and address ranges, after which I can start my reconnaissance.
Question: can anyone out there offer any tips based on this scenario?

#include <signature.h>
://Trey Atarhe Mujakporue
://tmujak@ins.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
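
Added example, not part of the original thread: one way to enforce the hand-off between the two phases described in the reply, so that only resources the client checked off reach Phase 2. The function names and the sample findings and sign-off list are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, example domains).
PHASE1_FINDINGS = ["192.0.2.10", "192.0.2.200", "198.51.100.7",
                   "www.example.com", "shop.example.net", "notexample.com"]
CLIENT_SIGNED_OFF = ["192.0.2.0/25", "198.51.100.7", "example.com"]


def _parse(value, parser):
    """Return parser(value), or None when value is not an IP/CIDR literal."""
    try:
        return parser(value)
    except ValueError:
        return None


def build_scope(signed_off):
    """Split the client's checked-off entries into networks and domains."""
    nets, domains = [], []
    for entry in signed_off:
        entry = entry.strip().lower().rstrip(".")
        net = _parse(entry, lambda v: ipaddress.ip_network(v, strict=False))
        if net is not None:
            nets.append(net)
        else:
            domains.append(entry)
    return nets, domains


def in_scope(target, scope):
    """Default deny: a target is testable only if the client listed it."""
    nets, domains = scope
    target = target.strip().lower().rstrip(".")
    ip = _parse(target, ipaddress.ip_address)
    if ip is not None:
        return any(ip.version == n.version and ip in n for n in nets)
    # Hostnames match an authorized domain exactly or as a subdomain, so
    # "notexample.com" does not slip in under "example.com".
    return any(target == d or target.endswith("." + d) for d in domains)


def split_findings(findings, signed_off):
    """Return (phase2_targets, held_back) for the Phase 1 findings."""
    scope = build_scope(signed_off)
    ok = [t for t in findings if in_scope(t, scope)]
    held = [t for t in findings if not in_scope(t, scope)]
    return ok, held
```

This check does no DNS resolution, so a hostname approved by name can still resolve to an address hosted by a third party; that address needs its own entry on the signed-off list.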
