Re: Re[2]: Generating awareness amongst IT staff

From: pand0ra (pand0ra.usa@gmail.com)
Date: Mon Dec 04 2006 - 11:59:49 EST


http://www.bsp-gmbh.com/hercules/
Sorry, it had been a while. It is just a mainframe emulator that runs
on Windows systems.

On 12/4/06, nick leachman <nleachman@gmail.com> wrote:
> Hi,
>
> You mention an image of an AS/400 for vmware - can you please provide details?
>
> - Nick
>
> On 12/3/06, pand0ra <pand0ra.usa@gmail.com> wrote:
> > Why is there a discussion on doing an attack against live systems? The
> > whole purpose if the topic is to give the administrators a clue on
> > security. You can demonstrate that without compromising live systems.
> > It takes little time to setup a VM server and attack that without
> > risking any live systems. Heck, you could even take the image of a
> > live system and use that for your VM server if you wanted to make it
> > more realistic. As for an AS/400 or what not there are images of those
> > out there as well that will run on VM. But as this is an introduction
> > doing something with an AS/400 is excessive. The point can be made
> > with a simple Windows\Linux box. It might even be helpful to give the
> > admins a hands-on for the demo but that depends on how responsible
> > they are and if you can trust them with that information (but then
> > again you should be able to trust them regardless or they should not
> > be there).
> >
> > On 12/3/06, Roman Shirokov <insecure@yandex.ru> wrote:
> > > Hello, Jerome.
> > >
> > > You wrote
> > >
> > >
> > > > btw Metasploit could just be used to create a file on a target (a common
> > > > technique to show that a system is ownable without disturb it)...
> > >
> > > > My 3 cents...
> > > > /JA
> > > > This message was checked by NOD32 antivirus system.
> > > > http://www.eset.com
> > >
> > > Anyway the stack will be corrupted and unhandled execution may crash a
> > > system. I think using exploits on the opertional servers which have to
> > > function 24x7 is too dangerous. First of all agreement should be
> > > signed.
> > >
> > > --
> > > Best regards,
> > > Roman
> > > securitybox@softhome.net
> > > http://securitybox.org.ru
> > >
> > >
> > > ------------------------------------------------------------------------
> > > This List Sponsored by: Cenzic
> > >
> > > Need to secure your web apps?
> > > Cenzic Hailstorm finds vulnerabilities fast.
> > > Click the link to buy it, try it or download Hailstorm for FREE.
> > > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > > ------------------------------------------------------------------------
> > >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> >
> >
>
>
> --
> "The Lord bless you and keep you;
> the Lord make His face to shine upon you,
> and be gracious to you;
> the Lord lift up His countenance upon you,
> and give you peace."
>
> Num. 6:24-26
>

"I do not believe in free will." - Einstein

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:25 EDT