From: SecurIT Informatique Inc. (securit@iquebec.com)
Date: Fri Feb 06 2004 - 13:41:31 EST
Hello. I wrote such an article almost 3 years back (so the exploits used
may be quite old, but the principles remains the same) entitled "Autopsy of
a successful intrusion (well, two actually)", available online at
http://www.geocities.com/floydian_99/autopsy.html (.txt also available) or
http://iquebec.ifrance.com/securit/whitepapers/autopsy.html. There is also
a spanish translation available on the geocities site.
This paper is a recollection of the events related to 2 penetration testing
contracts that I performed for my employer of the time. Victim's
(customer's) names have been sanitized, there's some humor in the text,
some interesting technical info related to the intrusion itself (although
the whole session is not portrayed, only vital steps), along with an
analysis of these intrusions, why they were successful (both from the
technical and human side), and some surprises I leave the reader to discover.
I've received many good comments about this paper since I wrote it, and if
I remember correctly, I specifically wrote it because I remembered that
someone asked the exact same question as you a few years back.
I hope you like it and that it suits your needs.
BTW, I do not know the end of the stories, since I was caught in a big
change of personnel following a company merger, and didn't work for this
employer long enough to see the impact of the reports I produced for these
events.
Adam Richard, aka Floydman
SecurIT Informatique Inc.
At 12:51 PM 05/02/2004, Rob Havelt wrote:
>Hi All,
>
>I was wondering if anyone could point me at a good resource, as I've been
>looking in several different places, and haven't been able to find quite
>what I needed.
>
>I'm looking for either white papers or case studies or some such detailing
>actual real world attacks (more like real-world computer crime, computer
>fraud, internal attacks, etc. and less on the damage from worms or virus,
>DDoS, or the like) on companies who either didn't know that they had a bad
>security posture, couldn't keep on top of infosec issues, or ones who knew
>(either as the result of a pen test, health check, or some other VA) and
>simply didn't take any steps toward remediation.
>
>There is a ton of theory out there, risk data, and the like, and I have
>all that. I also realize that usually when this happens companies and law
>enforcement agencies, etc. try quite hard to keep the info under wraps for
>the obvious reasons, but I'm thinking that there has to be a few
>whitepapers out there as strictly "cautionary tales".
>
>Anywhere anyone could point me for the info would be much appreciated.
>
>
>--
>oOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOo
>My Life is a dark grey corridor....
>Oh, I've been there, usually there's a midget making googly
>eyes at me... I call him Mr. Pickelini -The Critic
>---------------------------------------------------------------
>rob@cobal.org {pager: rphone@cobal.org) rob.havelt
> PGP Key: http://www.cobal.org/pyrob/pgp-key.html
>
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------
>
>_____________________________________________________________________
>Un mot doux à envoyer? Une sortie ciné à organiser? Faites le en temps
>réel avec MSN Messenger! C'est gratuit! http://ifrance.com/_reloc/m
>
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:48 EDT