Re: "PenTest" a container file



Javier Fernández-Sanguino wrote:
Thor (Hammer of God) said:

modem. I mean, what kind of application development company using their own
encryption algorithm would hire someone to crack it who has to post to
PenTest for advice on what his first steps should be?

You will be surprised at the number of companies (even govt's) that do not do proper background checking of the companies they hire for security. Some companies/agencies just look at the money of the proposal and hire the cheapest guys around.

From my experience, some European companies that have to run audits every year (typically "summarised" to a pentest) and cannot repeat with the same company until X years go by [1] will sometimes contract some very lame company with good "presence" and no skills.

Regards

Javier

[1] Due to legitimate concerns of companies "getting comfortable" and not doing proper work the second time around.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------


In my opinion he is a student or something like this and they gave it to him as a kind of homework.
I recommended to him how to do this but he disagreed and said that he wanted to extract the password from RAM [cough...cough]

Regards
Jan



