Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: lotus notes default objects(.nsf files) and actions

From: Marco Ivaldi <raptor () mediaservice net>
Date: Tue, 31 Mar 2009 14:13:51 +0200 (ora solare Europa occidentale)
Hey,

On Mon, 30 Mar 2009, lister () lihim org wrote:


In reading through the Blackhat presentation called 'Falling Dominos'
there is mention of default .nsf databases and actions (slide 50).

Is there a resource that provides the default list of .nsf databases?
I am also interested in any default actions/methods.

Not sure if any automated scanners have built-in support for checking
default lotus notes databases and actions/methods.


Take a look at these old pen-test list threads:

http://seclists.org/pen-test/2007/Jul/0154.html
http://seclists.org/pen-test/2008/May/0064.html

Hope this helps,

--
Marco Ivaldi, OPST
Lead Security Analyst     Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. 
http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: