Metasploit mailing list archives

Re: Sample Contracts for Pen Testing

From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Sat, 1 Sep 2012 15:29:32 +1000

I would assume that you are intending to undertake something similar
to http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)
and hence you would be required to seek indemnity from each employee
(since they own the device(s) you are targeting i.e. the system owner)
and not the company itself.

Obviously, this would dilute the effectiveness of the smishing and
phishing e-mails since they would be forewarned (of such e-mails).

On Tue, Aug 28, 2012 at 3:06 AM, Chip <jeffschips () gmail com> wrote:

Or any insights into this particular scenario would be appreciated,
particularly as it relates to sending smishing and phishing emails to
employees who bring their own wireless devices into a company environment
and use the company's network, as well as those employees who use their
company-owned wirelessly connected devices at the workplace.


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Sample Contracts for Pen Testing Chip (Aug 27)
- Re: Sample Contracts for Pen Testing Giles Coochey (Aug 28)
- Re: Sample Contracts for Pen Testing Stephen Haywood (Aug 30)
  - Re: Sample Contracts for Pen Testing Daniel Clemens (Aug 30)
- Re: Sample Contracts for Pen Testing Christian Heinrich (Aug 31)