RE: Penetration Testing - Human Factor

From: StyleWar (stylewar@cox.net)
Date: Sat Aug 26 2006 - 19:44:04 EDT


lol

With respect, I think that's a greater commentary on your contracting
methods than it is on what's available. The Pen-Tests I have run include
everything from physical, to logical, to social/administrative. The
customer has had to opt out on specific methods and attack trees as part of
the pre-engagement process.

-

StyleWar

"Patriotism isn't defined in a moment. It's defined in a lifetime."

> -----Original Message-----
> From: Joey Peloquin [mailto:joeyp@cotse.net]
> Sent: Wednesday, August 23, 2006 7:10 AM
> To: KeenerPB@mcnosc.usmc.mil
> Cc: Pen-Testing
> Subject: Re: Penetration Testing - Human Factor
>
> KeenerPB@mcnosc.usmc.mil wrote:
> > I would disagree with Arian regarding the technical aspects of "true"
> > hacking...in my experience, social engineering plays a huge role in
> > successful compromise of a network. Most of the time the boundaries
> > are pretty tight so you have to lob one over the fence (social
> > engineering) in order to punch out from the inside to
> > defeat the boundary devices.
>
> All due respect, I'm both an Enterprise pen-test customer and
> an internal pen-tester at the same company, and I don't see
> social engineering on the radar at all, save a mention as
> part of our security awareness program.
>
> How many enterprises do you all contract with that *actually*
> include social engineering, and the like, in the scope?
> We've paid as much as 40K for an engagement and it didn't
> include social engineering.
>
> -jp
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:51 EDT