RE: Pentesters getting owned?

["Clemens, Dan" <Dan.Clemens () healthsouth com>]

At one time I worked for a fairly shady boss in the nyc area.(that just
got busted for major fraud) He had a big dispute with one of the partial
owners of the company who he had bought portions of the source code for
his product.

Well, to make a long story short the two had a big pissing match and the
owner who was living in nyc hired a team of pen testers through his law
firm.

They weren't that good and forgot to change their external ip address of
one of their machines when they plugged into our network.

We had setup arpwatch on every network segment and would receive pages
whenever someone would plug into any network segment so we simply did an
arin lookup of the owner of the ip address and it ended up being an law
firm that advertised having a pen testing team.

Anyhow , the pen testers tried to break into the network , yet where
very unsuccessful.

They were running all sorts of vulnerable services on their linux boxes
when we checked out their eleet warez. :)

I will give 400 'kewl' points to anyone on the list who can guess what
'shady nyc owner' hired these pen testers.

I guess the lesson learned is if you are going to be a pen tester and
you want to get on a network and not show what pen-test firm you are
working for (and the admins of the network don't know your coming...)
please change the external ip address you normally use before plugging
your nic in. (oh yeah, patch your box before pen-testing )

-Dan

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Chad
Schieken
Sent: Tuesday, May 04, 2004 11:07 AM
To: dailydave () lists immunitysec com
Subject: RE: [Dailydave] Pentesters getting owned?


I have watched a particularly crusty client DOS some pen-testers for
spite.
He had been embarrassed by them. The guy was a nut, but he kinda had
them by
the balls cause, what were they gonna do, complain?





-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of wirepair
Sent: Monday, May 03, 2004 8:59 PM
To: dailydave () lists immunitysec com
Subject: [Dailydave] Pentesters getting owned?

Has anyone ever heard of or seen a pen-testers laptop get owned while
their
on site? I was just thinking,
sometimes to exploit wacky services you need to open yourself up. Which
obviously led me to the hilarious
thought (albeit scary if it were me), what if i got owned?
I think if I were in a different job (it security officer ect) I would
most
likely scan their machine when they
came on site (You don't want a vulnerabler pen-tester hanging around
your
network breaking in and gaining access,
without at least considering their security, right?) Has anyone who has
these positions done such a thing?
Just some fun evening thoughts,
-wire

--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Confidentiality Notice: This e-mail communication and any attachments may contain
confidential and privileged information for the use of the designated recipients named above. If
you are not the intended recipient, you are hereby notified that you have received this
communication in error and that any review, disclosure, dissemination, distribution or
copying of it or its contents is prohibited. If you have received this communication in
error, please notify me immediately by replying to this message and deleting it from your
computer. Thank you.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave