Email Pen-testing
From: Blake (netspan_at_hotmail.com)
Date: 03/20/04
Date: 20 Mar 2004 16:22:18 -0000
To: pen-test@securityfocus.com
Wanted to get your opinion on something...
Doing a pen-test for a small bank which was proving very difficult to get in. A friend of mine suggested I send a backdoor trojan attachment via an email. If they clicked on it, the backdoor performs maybe a boxscan, grabs passwords, and connects out to the Internet. --Much like a virus.
I think this type of testing is becoming more relevant nowadays, especially with what's out there. It reinforces properly configured antivirus software and user awareness.
I spoke with a previous customer of mine about the idea. He said he would be very upset if he was not told prior to that type of test as part of normal pen-testing.
Generally speaking, my code of ethics doesn't allow me to social engineer. I don't like lying and misleading people. Also people tend to hate you after they've been punk'd.
What are your ideas on the email pen-testing?
-Blake