Dailydave mailing list archives
Re: Pentesters getting owned?
From: Brian <bmc () snort org>
Date: Mon, 3 May 2004 23:16:37 -0400
On Mon, May 03, 2004 at 05:59:25PM -0700, wirepair wrote:
Has anyone ever heard of or seen a pen-testers laptop get owned while their on site?
Sure. I was brought in to validate another team's work after they finished. My scans found an additional machine that they didn't list in their network map. Only after I had compromised it and started looking around, did I realize that it was one of the previous team's laptop that they accidentally left behind. Of course, I know a pen-tester that insecurely setup a HTTP proxies (ala HTTPush) through a VPN without properly protecting the proxy server, allowing one of the various web based worms to leak into the network he was auditing. Brian -- Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms, munching magic pills and listening to repetitive electronic music. -- Kristian Wilson, Nintendo, Inc, 1989 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Security Shindig Today at 5:30pm! Dave Aitel (May 03)
- Pentesters getting owned? wirepair (May 03)
- Re: Pentesters getting owned? John Lampe (May 03)
- Re: Pentesters getting owned? Brian (May 03)
- Re: Pentesters getting owned? wirepair (May 03)
- Re: Pentesters getting owned? Jake (May 03)
- Re: Pentesters getting owned? Nexus (May 04)
- Re: Pentesters getting owned? jan . muenther (May 04)
- RE: Pentesters getting owned? Steve W. Manzuik (May 04)
- RE: Pentesters getting owned? Chad Schieken (May 04)
- Message not available
- Re: Pentesters getting owned? jan . muenther (May 04)
- RE: Pentesters getting owned? Steve W. Manzuik (May 04)
- Re: Pentesters getting owned? Mordy Ovits (May 04)
- Re: Pentesters getting owned? Nexus (May 04)
- Pentesters getting owned? wirepair (May 03)