Re: Pentesters getting owned?

["wirepair" <wirepair () roguemail net>]

Aha, thats great, And scary.
On Mon, 3 May 2004 23:16:37 -0400
 Brian <bmc () snort org> wrote:
> On Mon, May 03, 2004 at 05:59:25PM -0700, wirepair wrote:
> > Has anyone ever heard of or seen a pen-testers laptop get owned while
> > their on site? 
>
> Sure.  
>
> I was brought in to validate another team's work after they finished.
> My scans found an additional machine that they didn't list in their
> network map.  Only after I had compromised it and started looking
> around, did I realize that it was one of the previous team's laptop that
> they accidentally left behind.
>
> Of course, I know a pen-tester that insecurely setup a HTTP proxies (ala
> HTTPush) through a VPN without properly protecting the proxy server,
> allowing one of the various web based worms to leak into the network he
> was auditing.
>
> Brian
>
> --
> Computer games don't affect kids; I mean if Pac-Man affected us as kids,
> we'd all be running around in darkened rooms, munching magic pills and
> listening to repetitive electronic music. -- Kristian Wilson, Nintendo,
> Inc, 1989

--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave