From: jfvanmeter@comcast.net
Date: Thu Aug 30 2007 - 02:47:55 EDT
Is that all that is outlined in the scope of the test? can I use social engineering and viruses/trojans? can I get phyical access to the site? can i leave a few usb drivers laying around? Am I allowed to DoS production machines?
I would say if I am allowed to use social engineering and leave a few usb drives laying around the site that I can get in.
take care and have fun --John
-------------- Original message ----------------------
From: James Kelly <macubergeek@comcast.net>
> Given this scenario: Red team pen test from the Internet with no
> information or cooperation from IT staff.
>
> What would be a reasonable success rate of breaking in to say at
> least DMZ machines? Of internal hosts on private network?
>
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT