Penetration Testing mailing list archives
RE: Testing the user community
From: "Morris Sgt Derek P" <derek.p.morris () usmc mil>
Date: Tue, 30 Jan 2007 14:57:30 -0800
Kurt,

If you really want to test the vulnerability of your users, more power to you. That is something I am also looking at doing, but be careful before you start. Make sure that the scope of your assessment is CLEARLY defined and that your management/superiors are aware and on board. All that is for covering your 6.

As far as methodology goes, look for information on "Social Engineering" or "pretexting". If you have some time before you need to execute your plan, I recommend reading a couple of books by Kevin Mitnick. I am currently reading "The Art of Deception", which is all about social engineering. It's a fun read, makes me laugh, but as a security professional, it also scares me to death. After that you could try reading "The Art of Intrusion", also by Mitnick. The latter title I have not picked up yet, but I am planning to when I finish "Deception." Mitnick's books are a good resource; after all, how many years did he spend in jail for the subject matter?

Good luck, Kurt. I would be interested to hear how you go about it and what the results are.

Derek Morris

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of webmaster () absolutenetworks biz
Sent: Tuesday, January 30, 2007 6:12
To: pen-test () securityfocus com
Subject: Testing the user community

We all know our weak link, but how do you identify just how weak they are? I think it's time to pen test my user community and have a couple ideas to gather statistics on just how nonaware they really are. Maybe a simple phishing scam and bogus email with a fake virus attachment that emails me when it's opened so I can track how many folks actually opened it. Has anyone ever done this before? I can't find any information about it on the web. Thoughts and ideas, anybody?

Many thanks
Kurt