Dailydave mailing list archives
RE: Pentesters getting owned?
From: "Steve W. Manzuik" <steve () security-sensei com>
Date: Tue, 4 May 2004 14:21:56 -0600
I've done a lot of pen-tests (not so many anymore) but I have always run keyloggers on my boxes to record everything I do. Obviously a lot of screenshots are taken and bash histories are kept so I am very careful to remove any back doors left behind. The cleanup is always the worst and hardest part though. Lately I have noticed fewer and fewer clients wanting a full pen-test and going more the route of a vuln assessment -- which I remember a conversation Dave and I had in Tokyo about how pen-tests are a complete waste of money -- they are. Not because there is no value in them but because most companies do them at the wrong time. I mean instead of paying the huge rates people still get away with charging (that I won't understand as they are WAY overvalued and I still do this as a business line but for much cheaper than the rest) companies should be spending their money building their security infrastructure or framework (whatever marketing buzzword you want to use) and then have it tested. Doing a pen-test before this is done is stupid -- you might as well burn your money because I can almost guarantee that if you haven't spent budget on building security you will get owned with a pen-test.
-----Original Message-----
From: jan.muenther () nruns com [mailto:jan.muenther () nruns com]
Sent: Tuesday, May 04, 2004 11:07 AM
To: Steve W. Manzuik
Cc: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Pentesters getting owned?

Hi there,

> story. I have experienced network admins monitoring and
> attempting to drop connections as the team performs the pen-test.

Well, that is totally common practice. I've seen this happening over and over, they're watching and changing things on the fly while you're at work. One time I was actually kicked out (they shut down the machine, hah hah) while being logged on...

One thing that always concerns me is pen testers forgetting their temporary backdoors and listeners. I usually check twice that I didn't forget anything, but hey, others might not or you may just have a bad day. One of the reasons why you should always thoroughly document what you've done and how...

I also recall a story of a fellow pen tester who conducted a pen test on the wireless infrastructure of a client who arrived one day early and already commenced the testing, totally ripping them apart. They didn't notice it and had shut down a lot of systems overnight and were quite surprised by him showing them their passwords on a sheet of paper.

Cheers, J.