Penetration Testing mailing list archives
Re: Email Pen-testing
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 24 Mar 2004 14:42:37 -0500
-----BEGIN PGP SIGNED MESSAGE-----
"Frank" == Frank Knobbe <frank () knobbe us> writes:
Frank> an Incident Response Exercise to test the response capabilities of a Frank> client. You are less concerned about getting root but instead try to Frank> operate stealthy or in an otherwise defined pattern, attempting to Frank> penetrate, but allowing others to take notes of the response Frank> procedures of the clients incident response team. Like, for instance, do the IT people even know who to call once they have "caught" you? In Canada, the responsability for "computer crime" devolved from the RCMP to the local police forces. Alas, the knowledge and experience did not get passed down. The Ottawa police, as competent as they are for most things, spends all their computer time tracking down child porn and stalkers. If you call them and say, "I'm from Corporation FOO, my firewall was compromised", they offer to send ... the fire department. So, in Ottawa at least, my conclusion is that there isn't a number that can be called anymore. - -- ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[ ] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Finger me for keys iQCVAwUBQGHkrIqHRg3pndX9AQG4hQP/St4ihxRjdcZSYPne59pUM5//BI05iP1H zU7ZkqcbKvtqi6uKV08/xUxJldOeH9P7S7tM+NtfcEq0JNTYRKpj8q7IxLSgkd5g M+J4GM4T2k+QSBVPoG2aHAXpHrOZlSlDYWlyoqhF0gVCBf6tZoBs5aSsbgqWNa7P ZpEqgBErn9E= =Hrq3 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- You're a pen tester, but is google.com still your R&D team? Now you can get trustworthy commercial-grade exploits and the latest techniques from a world-class research group. www.coresecurity.com/promos/sf_ept1 ----------------------------------------------------------------------------
Current thread:
- Email Pen-testing Blake (Mar 21)
- RE: Email Pen-testing Kevin (Mar 22)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Blake Wiedman (Mar 22)
- RE: Email Pen-testing Chuck Herrin (Mar 22)
- RE: Email Pen-testing James Taylor (Mar 23)
- RE: Email Pen-testing Kevin (Mar 23)
- RE: Email Pen-testing Chris Hurley (Mar 23)
- RE: Email Pen-testing AJ Butcher, Information Systems and Computing (Mar 23)
- RE: Email Pen-testing Frank Knobbe (Mar 24)
- Re: Email Pen-testing Michael Richardson (Mar 24)
- RE: Email Pen-testing R. DuFresne (Mar 22)
- RE: Email Pen-testing Kevin (Mar 22)
- RE: Email Pen-testing Rob Shein (Mar 23)
- RE: Email Pen-testing Brad . Murray (Mar 23)
- Re: Email Pen-testing Michael Richardson (Mar 23)
- RE: Email Pen-testing R. DuFresne (Mar 23)
- Re: Email Pen-testing Rainer Duffner (Mar 23)