Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Pen-Test and Social Engineering

From: "K K Mookhey (NII)" <kkmookhey () niiconsulting com>
Date: Mon, 6 Feb 2006 00:21:32 +0530
A social engineering test can often be more fruitful than a network-based
pentest, and serves an extremely useful purpose. We've had instances where
an amazing amount of information has been revealed by IT staff when social
engineering has been part of the engagement. In fact, a pentest can be
expanded to not only include social engineering, but also penetration of the
physical security perimeter of the organization. Some of our juiciest data
has come after entering an organization's premises, attaching a small
wireless access point somewhere unobtrusively, exiting out, and then
connecting peacefully from the parking lot or from across the street.

Cheers,

K. K. Mookhey
Founder
NII Consulting
Web: www.niiconsulting.com
------------------------------------
Comprehensive Security Assessment Software
http://www.niiconsulting.com/products.html

Checkmate!
http://www.niiconsulting.com/checkmate/
------------------------------------

This message may contain privileged and confidential information and is
solely for the use of intended recipient. If you are not the intended
recipient you should not disseminate, distribute, store, print, copy or
deliver this message. Please notify the sender immediately by e-mail if you
have received this e-mail by mistake and delete this e-mail from your
system. 
 


-----Original Message-----
From: burzella () inwind it [mailto:burzella () inwind it] 
Sent: Friday, February 03, 2006 7:33 PM
To: pen-test () securityfocus com
Subject: Pen-Test and Social Engineering

Hi
In yuor opinion, can a Social Engineering test be considered 
part of a Pen-Test?

Thanks

--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking 
applications on your website. Up to 75% of cyber attacks are 
launched on shopping carts, forms, login pages, dynamic 
content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website 
for vulnerabilities to SQL injection, Cross site scripting 
and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------








------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: