Penetration Testing mailing list archives
Email Pen-testing
From: Blake <netspan () hotmail com>
Date: 20 Mar 2004 16:22:18 -0000
Wanted to get your opinion on something... Doing a pen-test for a small bank which was proving very difficult to get it. A friend of mine suggested I send a backdoor trojan attachment via an email. If they clicked on it, the backdoor performs maybe a boxscan, grab passwords, and connects out to the Internet. --Much like a virus. I think this type of testing is becoming more relevant nowadays, especially with whats out there. It reinforces properly configured antivirus software and user awareness. I spoke with a previous customer of mine about the idea. He said he would be very upset if he was not told prior to that type of test as part of normal pen-testing. Generally speaking, my code of ethics doesn't allow me to social engineer. I don't like lying and misleading people. Also people tend to hate you after they've been punk'd. What's your ideas on the email pen-tesing? -Blake --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Email Pen-testing Blake (Mar 21)
- RE: Email Pen-testing Kevin (Mar 22)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Blake Wiedman (Mar 22)
- RE: Email Pen-testing Chuck Herrin (Mar 22)
- RE: Email Pen-testing James Taylor (Mar 23)
- RE: Email Pen-testing Kevin (Mar 23)
- RE: Email Pen-testing Chris Hurley (Mar 23)
- RE: Email Pen-testing AJ Butcher, Information Systems and Computing (Mar 23)
- RE: Email Pen-testing Frank Knobbe (Mar 24)
- Re: Email Pen-testing Michael Richardson (Mar 24)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Kevin (Mar 22)