Security Awareness Training for SysAdmins

[craigfreyman at gmail.com (Craig Freyman)]

   1. I had two machines set up on two projectors in a conference room, an
   attacker box and a victim box.
   2. I used SET to clone an internal site and asked them to let me know if
   the site looked weird or not, they all agreed it looked perfectly fine. I
   had a colleague log into the site and showed that I could harvest his
   credentials. Eyebrows were raised.
   3. Then I cloned a public site and used the java method to open a
   meterpreter session. They didn't really understand what this was so I did a
   screen screengrab and demonstrated the keylogger and they perked up a little
   more.
   4. Then I sent my colleague a spoofed email from the CEO with a naughty
   pdf attachment. He opened it and i showed them I had access to the box
   again. Simply by opening an attachment.
   5. The last part was what really scared them. I ran the soundrecorder
   script from http://www.darkoperator.com/meterpreter/ and demonstrated
   that I could record their conversations. Now I had their attention.
   6. We're now implementing social engineering training and management is
   on board with our security strategies.


On Thu, Apr 22, 2010 at 10:33 AM, Pommerening, Jeremy <
jpommerening at symbion.com> wrote:

>  Very cool.  Any chance you could share how you accomplished that?  I
> think that would definitely garner some attention at my organization and
> maybe help to make a point in my department.
>
>
>
> *Jeremy Pommerening*
>
> *MGR, Information Security*
>
> *Symbion, Inc.*
>
> *615-234-8912 Direct*
>
> *615-429-6883 BB*
>
> * *
>
> *GIAC - GCFA,GPEN, GAWN & GCFW,*
>
> *GIAC Advisory Board Member*
>
> *MCSE Win2K, MCSE NT4,*
>
> *CompTia SERVER+, HP APS*
>
> * *
>
>
>
> *From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
> pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Craig Freyman
> *Sent:* Thursday, April 22, 2010 9:41 AM
> *To:* PaulDotCom Security Weekly Mailing List
> *Subject:* Re: [Pauldotcom] Security Awareness Training for SysAdmins
>
>
>
> I recently gave a demo to some of our managers and tech support guys using
> SET that blew them away. I followed it up with some of the flashy metasploit
> stuff like the soundrecorder script and the vnc payload. Then, I had
> Metasploit order me a pizza. The demo had a major impact on them and they're
> all of a sudden very open to security awareness training and not bitching
> about having admin rights.
>
> On Wed, Apr 21, 2010 at 11:51 PM, Ng Choon Kiat <choonkiat83 at gmail.com>
> wrote:
>
> Hi,
>
>
>
> I had a simple report on weak password and recommendation. Hope it is
> helpful for you
>
>
>
> This is quite silly, it was shared and posted not long ago here.
>
> http://twitter.com/cs420
>
>
>
> Regards,
>
> Grey
>
> On Thu, Apr 22, 2010 at 10:27 AM, Jorge A. Orchilles <jorgeao at gmail.com>
> wrote:
>
>  Hello all,
>
>
>
> I was asked to put together an outline for a security awareness
> training/talk/presentation aimed at system and network admins. I would like
> to show examples and make it fun. Here are my thoughts so far but would like
> to see if any of you have done this, have resources to point me to, and/or
> feedback on what I have so far:
>
>    - Password construction/management
>
>
>     - Show online password lists for default passwords
>       - Examples of bruteforcing and cracking
>       - Emphasis on having strong and different passwords for each system
>       - Policy
>
>
>    - Online postings related to work
>
>
>     - Social networks
>       - Mailing lists
>       - Vendor sites/forums
>
>
>    - Following best practices
>
>
>     - SANS SCORE
>       - Vendor recommendations
>       - Think of the data
>
>  Thanks in advance,
>
> Jorge Orchilles
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
>
> Disclaimer: The email and files transmitted with it are confidential and
> are intended solely for the use of the individual or entity to whom they are
> addressed. If you are not the original recipient or the person responsible
> for the delivering the email to the intended recipient, be advised that you
> have received this email in error, and that any use, dissemination,
> forwarding, printing or copying of this email is strictly prohibited. If you
> received this email in error, please delete it from your system without
> copying it, and notify the sender by reply email so that our address record
> can be corrected. Thank you. Symbion, Inc.
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100422/465ac3c1/attachment.htm