Re: Re[2]: Generating awareness amongst IT staff

From: nick leachman (nleachman@gmail.com)
Date: Mon Dec 04 2006 - 08:24:30 EST


Hi,

You mention an image of an AS/400 for vmware - can you please provide details?

- Nick

On 12/3/06, pand0ra <pand0ra.usa@gmail.com> wrote:
> Why is there a discussion on doing an attack against live systems? The
> whole purpose if the topic is to give the administrators a clue on
> security. You can demonstrate that without compromising live systems.
> It takes little time to setup a VM server and attack that without
> risking any live systems. Heck, you could even take the image of a
> live system and use that for your VM server if you wanted to make it
> more realistic. As for an AS/400 or what not there are images of those
> out there as well that will run on VM. But as this is an introduction
> doing something with an AS/400 is excessive. The point can be made
> with a simple Windows\Linux box. It might even be helpful to give the
> admins a hands-on for the demo but that depends on how responsible
> they are and if you can trust them with that information (but then
> again you should be able to trust them regardless or they should not
> be there).
>
> On 12/3/06, Roman Shirokov <insecure@yandex.ru> wrote:
> > Hello, Jerome.
> >
> > You wrote
> >
> >
> > > btw Metasploit could just be used to create a file on a target (a common
> > > technique to show that a system is ownable without disturb it)...
> >
> > > My 3 cents...
> > > /JA
> > > This message was checked by NOD32 antivirus system.
> > > http://www.eset.com
> >
> > Anyway the stack will be corrupted and unhandled execution may crash a
> > system. I think using exploits on the opertional servers which have to
> > function 24x7 is too dangerous. First of all agreement should be
> > signed.
> >
> > --
> > Best regards,
> > Roman
> > securitybox@softhome.net
> > http://securitybox.org.ru
> >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> >
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>

-- 
"The Lord bless you and keep you;
the Lord make His face to shine upon you,
and be gracious to you;
the Lord lift up His countenance upon you,
and give you peace."
Num. 6:24-26
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:25 EDT