PaulDotCom mailing list archives
Re: Taking a leak on the wire
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 19 Oct 2010 11:25:02 -0500
For web apps that log activity, there are times where an attac...tester... will stumble upon something interesting using less protection for their anonymity, and then switch over to a proxy or something better to do their POC or actual attack, which they then anonymously email to a vendor. On Sun, Oct 17, 2010 at 9:30 PM, Adrian Crenshaw <irongeek () irongeek com>wrote:
I’m working on a presentation, and need a little help. I’m trying to come up with little things “Pro Bono Pentesters” forget about that may lead to their identity being discovered, tie them to an event, or at least reduce the “anonymity set” they are in. Mac Address left in logs Browser tabs that automatically open that may give info about them (for example, if I have my tabs auto open to my site, my webmail, etc) Network scans that are done that automatically use the credentials of the logged in user Host name/NetBIOs info that makes it obvious who it is Last DHCP lease renew (example, the IDS on a network notice that particular host requested a renew for a specific IP, and using that IP they can figure out the last network the person was on. Need more details how this workd) Other ideas? Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Taking a leak on the wire Adrian Crenshaw (Oct 18)
- Re: Taking a leak on the wire d4ncingd4n (Oct 19)
- Re: Taking a leak on the wire Bill Swearingen (Oct 19)
- Re: Taking a leak on the wire Jim Halfpenny (Oct 19)
- Re: Taking a leak on the wire Michael Dickey (Oct 19)