Re: Generating awareness amongst IT staff

From: Faheem SIDDIQUI (fahimdxb@gmail.com)
Date: Sat Dec 02 2006 - 00:09:06 EST

• Next message: crazy frog crazy frog: "Re: Pen-testing - pricing model"
• Previous message: Omar Herrera: "RE: Pen-testing - pricing model"
• Maybe in reply to: Faheem SIDDIQUI: "Generating awareness amongst IT staff"
• Next in thread: Eagle Fire: "Re: Generating awareness amongst IT staff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks to all the great tips you guys have given here.
Will need your assistance once I start to lay down the presentation details.

Regards

Sol_Invictus wrote:
> After that tell them that it even easier with a copy of the rainbow tables.
>
> Some tips for them to remember..
>
> 1. Think like the bad guys.
> 2. Be suspicious
> 3. Default Deny
> 4. Know everything on you're network/system.
>
> A tip for you.
>
> Be careful not to "insult their intelligence" Allow them to ask the
> questions if they don't understand.
>
> I've done many of these before, feel free to hit me offlist if you have any
> other questions.
>
> Sol.
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
> Behalf Of Faheem SIDDIQUI
> Sent: Saturday, November 25, 2006 11:14 AM
> To: pen-test@securityfocus.com
> Subject: Generating awareness amongst IT staff
>
> I am in the middle od preparing slides for security awareness presentation
> amongst IT staff (network admins/system/DBAs) etc.
>
> Security awareness is quite low amongst these guys and they seem to believe
> that the way have done it all these years, can continue all the remaining
> years too.
>
> Plan is, to create password hack using Ophcrack and run it during
> presentation. What else can I do to create real time engaging presentation
> so that these guys might sit up and take notice. How about doing a pen test
> on databases?
>
> Anyone has any ideas to make this presentation to largely IT technical
> staff...as engaging as possible?
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
> 0008bOW
> ------------------------------------------------------------------------
>
>
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: crazy frog crazy frog: "Re: Pen-testing - pricing model"
• Previous message: Omar Herrera: "RE: Pen-testing - pricing model"
• Maybe in reply to: Faheem SIDDIQUI: "Generating awareness amongst IT staff"
• Next in thread: Eagle Fire: "Re: Generating awareness amongst IT staff"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:24 EDT