A follow-up on Email Pen-testing

From: Blake (netspan@hotmail.com)
Date: Mon Mar 29 2004 - 20:45:22 EST


In-Reply-To: <1145.1080157357@marajade.sandelman.ottawa.on.ca>

I appreciate all the great ideas people presented on email pentesting.

As a follow-up, when I asked the customer about sending trojans thru email as a part of penetration testing, they declined. As it turns out though, during the pen-testing, the customer did get a .pif trojan from someone else via email. Hence, their internal systems got infected / compromised from the Internet. --Oh, well. Damned if you do, damned if you don't.

-Blake

>To: pen-test@securityfocus.com
>Subject: Re: Email Pen-testing
>In-reply-to: Your message of "Wed, 24 Mar 2004 01:10:00 CST."
> <1080112200.558.165.camel@localhost>
>X-Mailer: MH-E 7.4.2; nmh 1.0.4+dev; XEmacs 21.4 (patch 6)
>Date: Wed, 24 Mar 2004 14:42:37 -0500
>Message-ID: <1145.1080157357@marajade.sandelman.ottawa.on.ca>
>From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
>
>>>>>> "Frank" == Frank Knobbe <frank@knobbe.us> writes:
> Frank> an Incident Response Exercise to test the response capabilities of a
> Frank> client. You are less concerned about getting root but instead try to
> Frank> operate stealthily or in an otherwise defined pattern, attempting to
> Frank> penetrate, but allowing others to take notes of the response
> Frank> procedures of the client's incident response team.
>
> Like, for instance, do the IT people even know who to call once they
>have "caught" you?
>
> In Canada, the responsibility for "computer crime" devolved from the
>RCMP to the local police forces. Alas, the knowledge and experience did
>not get passed down. The Ottawa police, as competent as they are for
>most things, spend all their computer time tracking down child porn and
>stalkers. If you call them and say, "I'm from Corporation FOO, my
>firewall was compromised", they offer to send ... the fire department.
>
> So, in Ottawa at least, my conclusion is that there isn't a number
>that can be called anymore.
>
>- --
>] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
>] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
>] mcr@xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
>] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
>
>
>---------------------------------------------------------------------------
>You're a pen tester, but is google.com still your R&D team?
>Now you can get trustworthy commercial-grade exploits and the latest
>techniques from a world-class research group.
>www.coresecurity.com/promos/sf_ept1
>----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT