Penetration Testing mailing list archives
Re: Penetration Testing - Human Factor
From: Joey Peloquin <joeyp () cotse net>
Date: Wed, 23 Aug 2006 07:09:48 -0500
KeenerPB () mcnosc usmc mil wrote:
I would disagree with Arian regarding the technical aspects of "true" hacking...in my experience, social engineering plays a huge role in successful compromise of a network. Most of the time the boundaries are pretty tight so you have to lob one over the fence (social engineering) in order to punch out from the inside to defeat the boundary devices.
All due respect, I'm both an Enterprise pen-test customer and an internal pen-tester at the same company, and I don't see social engineering on the radar at all, save a mention as part of our security awareness program. How many enterprises do you all contract with that *actually* include social engineering, and the like, in the scope? We've paid as much as 40K for an engagement and it didn't include social engineering. -jp ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Re: Bluetooth Pentesting?, (continued)
- Re: Bluetooth Pentesting? Times Enemy (Aug 22)
- RE: Penetration Testing - Human Factor Paul Melson (Aug 21)
- RE: Penetration Testing - Human Factor Arian J. Evans (Aug 21)
- Re: Penetration Testing - Human Factor Marios A. Spinthiras (Aug 23)
- RE: Penetration Testing - Human Factor Isaac Van Name (Aug 24)
- RE: Penetration Testing - Human Factor StyleWar (Aug 26)
- Re: Penetration Testing - Human Factor Marios A. Spinthiras (Aug 23)
- Re: Penetration Testing - Human Factor R. DuFresne (Aug 22)
- RE: Penetration Testing - Human Factor StyleWar (Aug 26)
- Re: Penetration Testing - Human Factor Catsworth (Aug 22)
- RE: Penetration Testing - Human Factor KeenerPB (Aug 22)
- Re: Penetration Testing - Human Factor Joey Peloquin (Aug 23)
- Message not available
- Re: Penetration Testing - Human Factor K K Mookhey (Aug 23)
- RE: Penetration Testing - Human Factor Robert D. Holtz - Lists (Aug 23)
- Re: Penetration Testing - Human Factor Joey Peloquin (Aug 23)
- Pen-testing/auditing MS Exchange Servers. Serge Vondandamo (Aug 24)
- RE: Pen-testing/auditing MS Exchange Servers. Justin Polazzo (Aug 25)
- RE: Penetration Testing - Human Factor StyleWar (Aug 26)
- Re: Penetration Testing - Human Factor Joey Peloquin (Aug 29)