Penetration Testing mailing list archives
RE: Spyware assessment techniques
From: "Butler, Theodore" <tbutler () witsusa com>
Date: Fri, 10 Feb 2006 13:40:02 -0500
A companion question, what if you had to do this from a command line? How would it be done without the spyware tools? Ted -----Original Message----- From: Derek Nash [mailto:ddnash () gmail com] Sent: Thursday, February 09, 2006 11:07 PM To: pen-test () securityfocus com Subject: Spyware assessment techniques I am now frequently getting requests for spyware/grayware/adware assessments as subcomponent of a larger security assessment. My efforts up to this point have been a manual process of loading free antispyware tools, scanning the host, individually recording the results, classifying the types of spyware encountered and reporting the results. Recently I have begun to consider including data from a web usage analysis tool that has the ability to identify spyware downloads and phone home attempts to augment these manual efforts. I am wondering what others are doing in regards to spyware assessments and if anyone is aware a spyware "network scanner" that would allow me to look at a larger sampling of hosts on a network during these assessments. ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Spyware assessment techniques, (continued)
- Re: Spyware assessment techniques Packet Man (Feb 11)
- Re: Spyware assessment techniques Paul Halliday (Feb 11)
- Message not available
- Re: Spyware assessment techniques Ed Hotchkiss (Feb 11)
- Re: Spyware assessment techniques Semper Securus (Feb 11)
- Message not available
- Re: Spyware assessment techniques - hub? Petr . Kazil (Feb 12)
- Re: Spyware assessment techniques - hub? Packet Man (Feb 12)
- Re: Spyware assessment techniques - hub? offset (Feb 12)
- RE: Spyware assessment techniques - hub? Richard Zaluski (Feb 13)
- RE: Spyware assessment techniques - hub? Dan Tesch (Feb 13)
- Re: Spyware assessment techniques Thorsten Holz (Feb 10)
- RE: Spy ware assessment techniques Terry Vernon (Feb 10)
- RE: Spy ware assessment techniques jseitz (Feb 11)