From: Sam Rakowski (masterakowski@gmail.com)
Date: Wed Feb 28 2007 - 06:31:10 EST
I think that this was in The Art of Intrusion.
-----Original Message-----
>From: "crazy frog crazy frog" <i.m.crazy.frog@gmail.com>
>Sent: 02.26.2007 17.00.38
>To: "Liam Downward" <ldownward@pervasivesolutions.net>
>Cc: "toggmeister@vulnerabilityassessment.co.uk" <toggmeister@vulnerabilityassessment.co.uk>, "pen-test@securityfocus.com" <pen-test@securityfocus.com>
>Subject: Re: Penetration Testing Framework 0.24 released
>
>Yeah, I read about this attack somewhere.
>
>On 2/25/07, Liam Downward <ldownward@pervasivesolutions.net> wrote:
>> A possible addition for Social Engineering is to gain entrance to a
>> network via "Human curiosity" with the use of USB thumb drives that can
>> be of any size (64 MB, 512 MB, etc.), that can be strategically dropped in
>> employee areas like kitchens, parking lots, and/or doctor lounges,
>> etc.
>>
>> The USB thumb drive contains a simple application that is hidden and it
>> can capture simple information of the network or you can have the
>> application install a keylogger to capture usernames/passwords etc. to
>> show the company in question how simple it is to gather information
>> about the network for an attack or to turn machines into bots.
>>
>> The application is initiated when an employee has found a USB thumb
>> drive and their curiosity gets the better of them. Then they plug the
>> USB thumb drive into their workstation or laptop to see what is on the
>> USB thumb drive. This is when the hidden application on the USB thumb
>> drive is executed via two methods:
>>
>> 1. If the machine into which the USB thumb drive is plugged has
>> AutoRun enabled, the app will execute.
>> 2. If AutoRun is not enabled, then there are shortcuts on the USB thumb
>> drive to entice the employee to click, which will execute the hidden
>> application. Below are some examples of embedded shortcuts:
>>
>> Resume.doc
>> Company Payscale.xls
>> Johnny Cash (I Walk the Line).mp3
>>
>> The application will encrypt the information captured and email to the
>> testers for review, then the application along with the embedded
>> shortcuts will delete themselves from the USB thumb drive.
>>
>>
>> Liam Downward
>>
>> -----Original Message-----
>> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
>> On Behalf Of crazy frog crazy frog
>> Sent: Saturday, February 24, 2007 9:58 AM
>> To: toggmeister@vulnerabilityassessment.co.uk
>> Cc: pen-test@securityfocus.com
>> Subject: Re: Penetration Testing Framework 0.24 released
>>
>> good work :)
>>
>> On 23 Feb 2007 11:43:22 -0000,
>> toggmeister@vulnerabilityassessment.co.uk
>> <toggmeister@vulnerabilityassessment.co.uk> wrote:
>> > Hi all,
>> > The latest version of the Penetration Test Framework has been
>> > released and can be found at:
>> >
>> > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
>> >
>> > (PDF version also available)
>> >
>> > Any additions/suggestions would be gratefully received.
>> >
>> > The next release 0.25 should include a Wireless Pen Test add-on, with
>> > the assistance from the guys at http://www.wirelessdefence.org and
>> > hopefully a much extended Cisco section that Lee is busy putting
>> > together.
>> >
>> > Rgds
>> >
>> > Toggmeister a.k.a Kev Orrey
>> > http://www.vulnerabilityassessment.co.uk
>> >
>> > ------------------------------------------------------------------------
>> > This List Sponsored by: Cenzic
>> >
>> > Need to secure your web apps?
>> > Cenzic Hailstorm finds vulnerabilities fast.
>> > Click the link to buy it, try it or download Hailstorm for FREE.
>> >
>> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>> > ------------------------------------------------------------------------
>> >
>>
>>
>> --
>> ---------------------------------------
>> http://www.secgeeks.com
>> get a blog on secgeeks :)
>> register here:-
>> http://secgeeks.com/user/register
>> rss feeds :-
>> http://secgeeks.com/node/feed
>> Submit your security articles, send them to secgeek@secgeeks.com
>>
>> http://www.newskicks.com
>> Submit and kick for new stories from all around the world.
>> ---------------------------------------
>>
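For the defending side of the scenario Liam Downward describes, here is a triage check a responder could run against a found drive mounted on an isolated analysis host. It is an added example, not part of the original thread; the extension lists, the assumption that lure shortcuts are stored as `.lnk`/`.pif`/`.url` files whose displayed name ends in a document extension, and the sample volume are all constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

SHORTCUT_EXT = {".lnk", ".pif", ".url"}   # extensions Explorer does not display
LURE_EXT = {".doc", ".xls", ".pdf", ".mp3", ".jpg", ".txt"}   # assumed lure types
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

def autorun_directives(root):
    """Launch directives (open=, shellexecute=, shell\\verb\\command=) in autorun.inf."""
    hits = []
    for entry in (e for e in root.iterdir() if e.is_file() and e.name.lower() == "autorun.inf"):
        cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
        try:
            cp.read_string(entry.read_text(errors="replace"))
        except configparser.Error:
            hits.append("unparseable autorun.inf")   # still worth an analyst's look
            continue
        for section in (s for s in cp.sections() if s.lower() == "autorun"):
            for key, value in cp.items(section):   # configparser lowercases keys
                if key in ("open", "shellexecute") or key.endswith("\\command"):
                    hits.append(f"{key}={value}")
    return hits

def triage_volume(root):
    """Return (kind, detail) findings for a mounted volume; nothing is executed."""
    root = Path(root)
    findings = [("autorun", d) for d in autorun_directives(root)]
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        ext = path.suffix.lower()
        # "Resume.doc.lnk" is displayed as "Resume.doc": a shortcut posing as a document
        if ext in SHORTCUT_EXT and Path(path.stem).suffix.lower() in LURE_EXT:
            findings.append(("disguised-shortcut", path.name))
        elif ext in EXEC_EXT:
            findings.append(("executable", path.name))
    return findings

def build_sample(root):
    """Constructed sample volume for the demo; not taken from a real device."""
    root = Path(root)
    (root / "AUTORUN.INF").write_text("[AutoRun]\nopen=setup.exe\nicon=folder.ico\n")
    for name in ("Resume.doc.lnk", "Company Payscale.xls.lnk", "notes.txt", "setup.exe"):
        (root / name).write_bytes(b"")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, detail in triage_volume(build_sample(tmp)):
            print(f"{kind:20} {detail}")
```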
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT