Penetration Testing mailing list archives
Re: Pen Testing
From: Matt - MRS Security <matt () mrssecurity com>
Date: Fri, 24 Oct 2008 18:09:03 +0100
Patrick Fitzgerald wrote:
Does anyone know of a pen testing company named Sklar Technology Partners, whether it be positive or negative? What should we be looking for in a security company? Is it common that a security company would need rights such as domain admin rights to perform an audit on the network? Any resources that you could suggest would be helpful. Thank you. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Hi,Usually if we cannot obtain domain admin credentials during testing then we do request them i.e. create a new domain admin user specifically for us with a strong password and delete at end of testing.
This is normally to obtain patch listings to add to reports and that is all. Usually you do not require to hand out credentials; its at your discretion. Matt. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Pen Testing Patrick Fitzgerald (Oct 20)
- Re: Pen Testing Volker Tanger (Oct 20)
- Re: Pen Testing Adriel T. Desautels (Oct 22)
- Message not available
- Re: Pen Testing Patrick Fitzgerald (Oct 22)
- Re: Pen Testing Adriel T. Desautels (Oct 22)
- Re: Pen Testing Patrick Fitzgerald (Oct 22)
- Re: Pen Testing Matt - MRS Security (Oct 24)