Penetration Testing mailing list archives
Re: Using 0days as part of pen-test?
From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 13 Jan 2009 16:16:39 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Javier Reyna Padilla wrote:
Well I think that if you can identify a 0day, and you are able to exploit, then you have a plus over a lot of just-framework-pentesters, not trying to talk bad about anybody.
Although I haven't though this way, interesting point.
And the point is to probe the network is vulnerable. I think it is ok to exploit 0days, but ofcourse you will explain that in the final report, and then you might do whatever you want with your research. Maybe, things will depend on the contract you sign with your customer about tecniques, procedures, and what kind of explotations you are allowed to test.
They requested by almost a full pen-test scenario, including everything even social engineering.
Javier Reyna CCSE WCSE ISS-CS NSP JNCIA-FWV Consultor en Seguridad jreyna () onlinet com mx www.onlinet.com.mx ,,__ o" )~ ''''
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkltBK0ACgkQH+KgkfcIQ8ebGACg1iJLFSqSI87rWj4zTYJp7BGL 9jYAn1LTtxio1Vng3C5h+zOZQL1i9NWf =D+JM -----END PGP SIGNATURE-----
Current thread:
- Re: Using 0days as part of pen-test?, (continued)
- Re: Using 0days as part of pen-test? David Howe (Jan 15)
- we are security critics was: Re: Using 0days as part of pen-test? Pete Herzog (Jan 15)
- Re: we are security critics was: Re: Using 0days as part of pen-test? David Howe (Jan 17)
- Re: Using 0days as part of pen-test? Oliver Schad (Jan 15)
- Re: Using 0days as part of pen-test? Pete Herzog (Jan 17)
- Re: Using 0days as part of pen-test? David Howe (Jan 17)
- Re: Using 0days as part of pen-test? Oliver Schad (Jan 17)
- Re: Using 0days as part of pen-test? David Howe (Jan 20)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)
- Re: Using 0days as part of pen-test? David Howe (Jan 13)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 13)