Penetration Testing mailing list archives

RE: White box pentesting


From: "Menerick, John" <jmenerick () netsuite com>
Date: Thu, 2 Oct 2008 16:05:29 -0700

I write exploits all the time.  Most of the time, when a vuln. is exposed, I have to write my own exploit due to lack 
of information.  In turn, I can verify my systems are vulnerable/patched, and write a rule for the applicable IPS/ITM.  
Simple and short security.

John Menerick
http://www.icehax.us




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Babio
Sent: Thursday, October 02, 2008 4:31 AM
To: Kaminski, Lorenz; dimkovtrajce () yahoo com; pen-test () securityfocus com
Subject: RE: White box pentesting

Here is a question: in all honesty, how often do you write your own
exploits, if any found? Perhaps in Perl, C, Python, or Ruby?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Kaminski, Lorenz
Sent: Wednesday, October 01, 2008 2:20 AM
To: dimkovtrajce () yahoo com; pen-test () securityfocus com
Subject: RE: White box pentesting



Hello Dimkov,

1/2) I'm doing security auditing for my company 4 times a year, mostly
white box.
3) Social engineering is part of our so-called "be aware" campaign, and
is normally given once a year.

Hope that this somehow helped you.

Kind regards
L. Kaminski


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of
dimkovtrajce () yahoo com
Sent: Tuesday, September 30, 2008 10:24 AM
To: pen-test () securityfocus com
Subject: White box pentesting


Hi pentesters,

I am planning to spend a considerable time of my PhD (3 years)
on developing a model/algorithm/tool that will help pen
testers during white box penetration testing where they look
at physical security of the building as well as pentesting
when they are allowed to use social engineering. Before I
start, I would like to know:

1. How often do you do whitebox pentesting?
2. How often are you pentesting physical security as part of the test?
3. How often are you allowed to use social engineering as
part of the test?

It will help me decide if I should continue working in this
field, or switch to another.

Thank you in advance,
Dimkov

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------








