Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Testing the user community

From: Nicolás F. Iglesias <nfiglesias () gmail com>
Date: Fri, 2 Feb 2007 00:01:16 -0300
Once, i did a personalized phisymail from a personal PC, catched through Netbios. The intrusion was as follow:
- I found a Winbox on internet, from Dr. X (i don't remember his real name). He has the netbios opened, so it was easy to broke his lan. - I learned, from DOCs, LOGs, websites visited and all data i found on his HD, who was and what kind of person he was. - I wrote an email, using a language according to his "personality" (university phd and so on...) and i "invited" his contacts to test a financial software (he and his contacts, all working on economy and finances). - The fake soft has a keylogger on it. The logs was sent to my free emailaddress. - In a few days, i was able to see all data from his friends and very interesting people (one working at my country's defense agency as an IT consultant), bank accounts, credit cards,etc. But it just was a nice experience and i didn't stole a penny.
What i'm trying to expose is that, on phishing, you have to develop social engineering.
NiCo 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: