Full Disclosure mailing list archives
Re: Flash that simulates virus scan
From: reepex <reepex () gmail com>
Date: Sun, 9 Dec 2007 14:15:09 -0600
my response about a fictional company to keep the game along

On Oct 31, 2007 10:03 PM, reepex <reepex () gmail com> wrote:
> I work at a less known security company that bans use of any automated tools unless under extreme circumstances. These include times such as when we have 1000s of ip addresses all alive and running random windows versions so we use mass scans to find any unpatched machines. We strictly do not allow 'web scanners' no matter how large the size because they are all crap and it's quicker to find the bugs yourself than verify all the false positives any web app scanner creates. How does your company handle these things?
>
> On 10/31/07, Simon Smith <simon () snosoft com> wrote:
>> Reepex,
>> What company are you with? I'm actually interested in finding infosec companies that perform real work as opposed to doing everything automated. Nice to hear that you're a real tester.
>>
>> With respect to your question, doesn't msf3 have some of that functionality already built into it? Have you already hit all their web-apps?
>>
>> reepex wrote:
>>> resulting to se in a pen test cuz you can't break any of the actual machines? lulz
>>>
>>> On 10/31/07, Joshua Tagnore <joshua.tagnore () gmail com> wrote:
>>>> List,
>>>> Some time ago I remember that someone posted a PoC of a small site that had a really nice looking flash animation that "performed a virus scan" and after the "virus scan" was finished, the user was prompted for a "Download virus fix?" question. After that, of course, a file is sent to the user and he got infected with some malware.
>>>> Right now I'm performing a penetration test, and I would like to target some of the users of the corporate LAN, so I think this approach is the best in order to penetrate to the LAN.
>>>> I searched google but failed to find the URL, could someone send it to me?
>>>> Thanks!
>>>> Cheers,
>>>> --
>>>> Joshua Tagnore
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> --
>> - simon -
>> ----------------------
>> http://www.snosoft.com