|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Menerick, John (jmenerick
netsuite.com)
Date: Thu Oct 02 2008 - 18:05:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I write exploits all the time. Most of the time, when a vuln. is exposed, I have to write my own exploit due to lack of information. In turn, I can verify my systems are vulnerable/patched, and write a rule for the applicable IPS/ITM. Simple and short security.
John Menerick
http://www.icehax.us
-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of John Babio
Sent: Thursday, October 02, 2008 4:31 AM
To: Kaminski, Lorenz; dimkovtrajceyahoo.com; pen-testsecurityfocus.com
Subject: RE: White box pentesting
Here is a question, In all honesty how often do you write you own
exploits if any found? Perhaps in perl, C, python, or ruby?
-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
On Behalf Of Kaminski, Lorenz
Sent: Wednesday, October 01, 2008 2:20 AM
To: dimkovtrajceyahoo.com; pen-testsecurityfocus.com
Subject: RE: White box pentesting
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Dimkov,
1/2) I'm doing security auditing for my company 4 times a year, mostly
white box.
3) social engineering is part of our so called "be aware"-campaign, and
is normaly given once a year.
hope that this somehow helped you.
Kind regards
L. Kaminski
> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of
> dimkovtrajceyahoo.com
> Sent: Tuesday, September 30, 2008 10:24 AM
> To: pen-testsecurityfocus.com
> Subject: White box pentesting
>
>
> Hi pentesters,
>
> i am planing to spend a considerate time of my phd (3 years)
> on developing a model/algorithm/tool that will help pen
> testers during white box penetration testing where they look
> at physical security of the building as well as pentesting
> when they are allowed to use social engineering. Before I
> start, i would like to know:
>
> 1. How often do you do whitebox pentesting?
> 2. How often are you pentesting physical security as part of the test?
> 3. how often are you allowed to use social engineering as
> part of the test?
>
> It will help me decide if i should continue working on this
> field, or switch to another.
>
> Thank you in advance,
> Dimkov
>
> --------------------------------------------------------------
> ----------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
www.cenzic.com/landing/securityfocus/hackinar
-
------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQIVAwUBSOMWjzA05xbtwLWqAQK3eQ/+IyjSAdfbbpklqF1pyD1KVyoRZ0Icju9C
ss+Wk/OTNcKXfp1nUUT4GaUtpzJWxidiOKYYpgFE24vx5zcYEhEw03o8cXGGcGjx
rt84xkfw4oR4tWR54o/oDXSk0MexiU9uKuuHddlYOMLsRuZRYDmn1ljPP4fGeT7b
pW2GRdb/kOAd9IkOuWhuSZf+y+h5+HFjQlsCgrvD2MLTdYSx4s9xBl24XQQ5Y8JY
Q7eDEeE6bgHDST+9inYJ/1P9a/jYAKqGvE4o936wDWRWwylKCr3HhDzX9jKux4FO
TMI+eXVpuAyQ1SFqe2gEiGSQ2oxQeeTrWj6iXcMPRIvfeY1FMxWJymWIcldgozq+
gB9of0FFLMldXqAsnpTfCuwAaulwrcYZOM0ygjBPQvy02Qmtib1/xRWs3ErDX1ug
EqeXGFTVO5BoZ6KRMFfccFQ8ymHC06/Um4nS0KL/7MYAuWBVu/bJSXBqbctMsS6O
qYdg114F0ZV7KjJb9lZIxlRP2kERgPvY+qJJR5bu/TWD672mggTpTl+VBDDJaAnr
/nZgSnclyB1vl4lA2Squ0rS+e4xPUomYJ7wl0NybHgGYdZjyKUNr+ZuvE8fTM6Dq
PfnByVU/OTUzOYXvoej9viugSREYWUvqaMQsbZc+9t2jmRNhgfdFyI16+IIOhPPx
SYb8NDNDKNs=
=GL7N
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited and subject to legal sanctions. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]