Penetration Testing mailing list archives

Re: Generating awareness amongst IT staff

From: Faheem SIDDIQUI <fahimdxb () gmail com>
Date: Sat, 02 Dec 2006 09:09:06 +0400

Thanks to all the great tips you guys have given here.
Will need your assistance once I start to lay down the presentation details.

Regards

Sol_Invictus wrote:

After that tell them that it even easier with a copy of the rainbow tables.

Some tips for them to remember..

1. Think like the bad guys.
2. Be suspicious
3. Default Deny
4. Know everything on you're network/system.

A tip for you.

Be careful not to "insult their intelligence"  Allow them to ask the
questions if they don't understand.

I've done many of these before, feel free to hit me offlist if you have any

other questions.

Sol.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Faheem SIDDIQUI
Sent: Saturday, November 25, 2006 11:14 AM
To: pen-test () securityfocus com
Subject: Generating awareness amongst IT staff

I am in the middle od preparing slides for security awareness presentation
amongst IT staff (network admins/system/DBAs) etc.

Security awareness is quite low amongst these guys and they seem to believe
that the way have done it all these years, can continue all the remaining
years too.

Plan is, to create password hack using Ophcrack and run it during
presentation. What else can I do to create real time engaging presentation
so that these guys might sit up and take notice. How about doing a pen test
on databases?

Anyone has any ideas to make this presentation to largely IT technical
staff...as engaging as possible?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Re: Re: Generating awareness amongst IT staff bulgaro76 (Dec 01)
- Re: Generating awareness amongst IT staff Jerome Athias (Dec 03)
  - Re[2]: Generating awareness amongst IT staff Roman Shirokov (Dec 03)
    - Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 03)
    - Re: Re[2]: Generating awareness amongst IT staff nick leachman (Dec 05)
    - Re: Re[2]: Generating awareness amongst IT staff pand0ra (Dec 05)
- <Possible follow-ups>
- Re: Generating awareness amongst IT staff Faheem SIDDIQUI (Dec 03)
- RE: Re: Generating awareness amongst IT staff Michael Scheidell (Dec 03)
- Re: Generating awareness amongst IT staff Eagle Fire (Dec 03)