Re: [PEN-TEST] Penetration X Auditing Teste & other misteries

[Mark Teicher <mark.teicher () NETWORKICE COM>]

This is a very good point, since an adverserial pen test can create a very
different dynamic with the customer than coming in as a consultant to work
on a particular project.  Use some made up project name, set up a tap and
start your penetration testing.

Remember the whole goal of penetration assessment is to gather information
and provide helpful information to the organization you have been engaged
by to help them get healthy not sick.. :)

/mark

At 05:03 PM 8/25/00 -0400, Christopher M. Bergeron wrote:
> >>I can still guarantee that 'agreed' test will be much more productive than
> >>the 'stealth' one.
>
> >>Vanja Hrustic
>
> Is it possible that if the Net admins 'know' you'll be trying to get, they
> may try even harder to make it difficult for you?  I.e. they go out of
> their way to apply the last 42 patches that they've been neglecting before
> you can find something... and thus produce an "inaccurate" portrait of the
> network.  Had the admins not been aware of the test, the network would
> have been left in a "truer" state.  A state more like what a potential
> black-hat would find in a real world scenario.  Or do you consider this a
> "special case" and not typical?