Penetration Testing mailing list archives
Re: [PEN-TEST] Penetration X Auditing Teste & other misteries
From: Mark Teicher <mark.teicher () NETWORKICE COM>
Date: Fri, 6 Oct 2000 09:51:17 -0400
This is a very good point, since an adverserial pen test can create a very different dynamic with the customer than coming in as a consultant to work on a particular project. Use some made up project name, set up a tap and start your penetration testing. Remember the whole goal of penetration assessment is to gather information and provide helpful information to the organization you have been engaged by to help them get healthy not sick.. :) /mark At 05:03 PM 8/25/00 -0400, Christopher M. Bergeron wrote:
>>I can still guarantee that 'agreed' test will be much more productive than >>the 'stealth' one. >>Vanja Hrustic Is it possible that if the Net admins 'know' you'll be trying to get, they may try even harder to make it difficult for you? I.e. they go out of their way to apply the last 42 patches that they've been neglecting before you can find something... and thus produce an "inaccurate" portrait of the network. Had the admins not been aware of the test, the network would have been left in a "truer" state. A state more like what a potential black-hat would find in a real world scenario. Or do you consider this a "special case" and not typical?
Current thread:
- Re: [PEN-TEST] Penetration X Auditing Teste & other misteries Mark Teicher (Oct 06)
- <Possible follow-ups>
- Re: [PEN-TEST] Penetration X Auditing Teste & other misteries St. Clair, James (Oct 06)