Re: Using 0days as part of pen-test?
- From: ArcSighter Elite <arcsighter@xxxxxxxxx>
- Date: Tue, 13 Jan 2009 16:16:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Javier Reyna Padilla wrote:
Well I think that if you can identify a 0day, and you are able to
exploit, then you have a plus over a lot of just-framework-pentesters,
not trying to talk bad about anybody.
Although I haven't though this way, interesting point.
And the point is to probe the
network is vulnerable. I think it is ok to exploit 0days, but ofcourse
you will explain that in the final report, and then you might do
whatever you want with your research. Maybe, things will depend on the
contract you sign with your customer about tecniques, procedures, and
what kind of explotations you are allowed to test.
They requested by almost a full pen-test scenario, including everything
even social engineering.
Javier Reyna-----BEGIN PGP SIGNATURE-----
CCSE WCSE ISS-CS NSP JNCIA-FWV
Consultor en Seguridad
jreyna@xxxxxxxxxxxxxx
www.onlinet.com.mx
,,__
o" )~
''''
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkltBK0ACgkQH+KgkfcIQ8ebGACg1iJLFSqSI87rWj4zTYJp7BGL
9jYAn1LTtxio1Vng3C5h+zOZQL1i9NWf
=D+JM
-----END PGP SIGNATURE-----
- References:
- Using 0days as part of pen-test?
- From: ArcSighter Elite
- Re: Using 0days as part of pen-test?
- From: Javier Reyna Padilla
- Using 0days as part of pen-test?
- Prev by Date: RE: Using 0days as part of pen-test?
- Next by Date: Using 0days as part of pen-test?
- Previous by thread: Re: Using 0days as part of pen-test?
- Next by thread: RE: Using 0days as part of pen-test?
- Index(es):
Relevant Pages
|
