Penetration Testing mailing list archives
Re: Using viruses in pen-test
From: Christoph Puppe <puppe () hisolutions com>
Date: Thu, 12 Oct 2006 09:23:37 +0200
Omar Herrera wrote:
Hi Neo, You should really think what needs to be tested. I.e. is it the replication capability or the infection vectors and defences against unauthorized code?
Important point. To test the real world capabilities of anti virus posture of a company you should not only use the eicar-string. In all audits of internal networks I test the av as well. For this I use the eicar, compressed versions of it (zipped, g-zipped, b-zipped, tar, rar etc) and a real world, working and full featured backdoor *without* a proliferation engine. Another test is the same backdoor protected with some binary self-encrypting tool. This always succeeds and the customer understands that av is only good against known threats. New or custom made malware will sneak by her defenses and do evil. In my opinion a very important point.

If the customer doesn't believe me, I even start the backdoor, show the open port, connect with the client and let their ppl have some script-kiddy fun with the test pc. Very convincing! I can do that because the backdoor is tested, tried and proven to be free of any self propagating, installing, registry modifying, infecting or deleting capabilities. At least it has never done anything like that :)

--
With kind regards
Christoph Puppe
Security Consultant
We secure your business.(TM)
HiSolutions AG
Bouchéstrasse 12, D-12435 Berlin
Phone: +49 30 533289-0
Fax: +49 30 533289-99
Internet: http://www.hisolutions.com
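An added example, not part of the original post: it builds the EICAR test string and the compressed variants the message lists (zip, gzip, bzip2, tar; rar is left out because the Python standard library cannot write it), writes them to a scratch directory and reports which files the on-access scanner left intact. The file names, the nested zip and the `wait` parameter are assumptions of this example.

```python
import bz2, gzip, io, tarfile, time, zipfile
from pathlib import Path

# Standard 68-byte EICAR test string, assembled from pieces so that this
# source file is not itself quarantined by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!$H+H*"

def _zip(data, member):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(member, data)
    return buf.getvalue()

def _tar(data, member):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        info = tarfile.TarInfo(member)
        info.size = len(data)
        t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_samples(name="eicar.com"):
    """Return {filename: bytes}: the plain string plus each container."""
    tar = _tar(EICAR, name)
    return {
        name: EICAR,
        name + ".zip": _zip(EICAR, name),
        name + ".gz": gzip.compress(EICAR),
        name + ".bz2": bz2.compress(EICAR),
        name + ".tar": tar,
        name + ".tar.gz": gzip.compress(tar),
        "nested.zip": _zip(_zip(EICAR, name), name + ".zip"),  # zip in zip
    }

def write_and_check(directory, wait=0.0):
    """Write every sample, wait, then map filename -> True if still intact.
    False means the file was blocked, removed or altered, i.e. detected."""
    d = Path(directory)
    d.mkdir(parents=True, exist_ok=True)
    samples = build_samples()
    for fname, blob in samples.items():
        try:
            (d / fname).write_bytes(blob)
        except OSError:
            pass  # write refused by the scanner
    time.sleep(wait)
    intact = {}
    for fname, blob in samples.items():
        try:
            intact[fname] = (d / fname).read_bytes() == blob
        except OSError:
            intact[fname] = False
    return intact
```

Any entry that comes back `True` on a protected host is a container format the scanner did not unpack or did not flag at write time; raise `wait` for products that scan asynchronously.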