Using public LDAP directories for attack preparation
- From: "Per Thorsheim" <per@xxxxxxxxxxxxx>
- Date: Wed, 27 Sep 2006 20:27:57 +0200
I've seen a quite a few publicly available LDAP directories on the Internet
containing names, e-mail addresses and other employee information for a
company.
Besides the obvious possibility of harvesting working e-mail addresses for
spam purposes, has anyone successfully used such externally available
directories for doing targeted social engineering attacks as part of a
pentest?
Regards,
Per Thorsheim
CISA, CISM, CISSP
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Prev by Date: Re: cracking Y2k DC Admin password
- Next by Date: Re: cracking Y2k DC Admin password
- Previous by thread: Exploit module available for WebViewFolderIcon setSlice 0-day
- Next by thread: BlackBoard Academic Suite ?
- Index(es):
