Re: Generating awareness amongst IT staff

From: pand0ra (pand0ra.usa@gmail.com)
Date: Sat Nov 25 2006 - 20:59:47 EST

• Next message: Jessie Ling XX (MC/EPA): "RE: Windows 2003 - Dumping Service Passwords"
• Previous message: pdp (architect): "AttackAPI 2.0 alpha"
• In reply to: Faheem SIDDIQUI: "Generating awareness amongst IT staff"
• Next in thread: arif.jatmoko@sea.ccamatil.com: "Re: Generating awareness amongst IT staff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Break out Nessus and show them what a vulnerability scan looks like on
a test server. Then use Metasploit to show them how easy it is to
compromise the box. Try wireshark/favorite packet capture tool and
show them how much fun it is to capture unencrypted traffic
(preferably their password, which is probably one from a dictionary).
Then grab a clue banana then beat them over the head with it.

On 11/25/06, Faheem SIDDIQUI <fahimdxb@gmail.com> wrote:
> I am in the middle od preparing slides for security awareness
> presentation amongst IT staff (network admins/system/DBAs) etc.
>
> Security awareness is quite low amongst these guys and they seem to
> believe that the way have done it all these years, can continue all the
> remaining years too.
>
> Plan is, to create password hack using Ophcrack and run it during
> presentation. What else can I do to create real time engaging
> presentation so that these guys might sit up and take notice. How about
> doing a pen test on databases?
>
> Anyone has any ideas to make this presentation to largely IT technical
> staff...as engaging as possible?
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Jessie Ling XX (MC/EPA): "RE: Windows 2003 - Dumping Service Passwords"
• Previous message: pdp (architect): "AttackAPI 2.0 alpha"
• In reply to: Faheem SIDDIQUI: "Generating awareness amongst IT staff"
• Next in thread: arif.jatmoko@sea.ccamatil.com: "Re: Generating awareness amongst IT staff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:21 EDT