Penetration Testing mailing list archives
RE: Pen-Test and Social Engineering
From: "K K Mookhey (NII)" <kkmookhey () niiconsulting com>
Date: Mon, 6 Feb 2006 00:21:32 +0530
A social engineering test can often be more fruitful than a network-based pentest, and serves an extremely useful purpose. We've had instances where an amazing amount of information has been revealed by IT staff when social engineering has been part of the engagement. In fact, a pentest can be expanded to not only include social engineering, but also penetration of the physical security perimeter of the organization. Some of our juiciest data has come after entering an organization's premises, attaching a small wireless access point somewhere unobtrusively, exiting out, and then connecting peacefully from the parking lot or from across the street. Cheers, K. K. Mookhey Founder NII Consulting Web: www.niiconsulting.com ------------------------------------ Comprehensive Security Assessment Software http://www.niiconsulting.com/products.html Checkmate! http://www.niiconsulting.com/checkmate/ ------------------------------------ This message may contain privileged and confidential information and is solely for the use of intended recipient. If you are not the intended recipient you should not disseminate, distribute, store, print, copy or deliver this message. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.
-----Original Message----- From: burzella () inwind it [mailto:burzella () inwind it] Sent: Friday, February 03, 2006 7:33 PM To: pen-test () securityfocus com Subject: Pen-Test and Social Engineering Hi In yuor opinion, can a Social Engineering test be considered part of a Pen-Test? Thanks -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pen-Test and Social Engineering burzella (Feb 05)
- Re: Pen-Test and Social Engineering Marco Ramilli (Feb 05)
- Re: Pen-Test and Social Engineering Steven (Feb 05)
- RE: Pen-Test and Social Engineering John (Feb 05)
- Re: Pen-Test and Social Engineering Peter Wood (Feb 05)
- RE: Pen-Test and Social Engineering K K Mookhey (NII) (Feb 05)
- Re: Pen-Test and Social Engineering Petr . Kazil (Feb 05)
- Re: Pen-Test and Social Engineering Louis Lerman (Feb 05)
- Re: Pen-Test and Social Engineering Fixer (Feb 05)
- Re: Pen-Test and Social Engineering Sysmin Sys73m47ic (Feb 05)
- Re: Pen-Test and Social Engineering Serg Belokamen (Feb 05)
- RE: Pen-Test and Social Engineering Terry Vernon (Feb 05)
- Re: Pen-Test and Social Engineering Tim (Feb 06)
- Re: Pen-Test and Social Engineering Francisco Pecorella (Feb 06)
- <Possible follow-ups>
- RE: Pen-Test and Social Engineering Michael Mooney (Feb 05)
- Re: Pen-Test and Social Engineering Ratna Kumar (Feb 05)
(Thread continues...)