Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Penetration Testing - Human Factor

from [KeenerPB] Network Security [Permanent Link]
Subject: Re: Penetration Testing - Human Factor
Date: Sat, 26 Aug 2006 20:51:42 -0400 
We use social engineering on almost every assessment we do except when the 
request is for a strict technical assessment.

Capt. Paul B. Keener
OIC, Marine Corps Red Team
Marine Corps Network Operations & Security Command
STE: 703.784.4327 (DSN 278)
Cell: 703.399.9639

NIPR: keenerpb@mcnosc.usmc.mil
SIPR: keenerpb@mcnosc.usmc.smil.mil
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: StyleWar <stylewar@cox.net>
To: 'Joey Peloquin' <joeyp@cotse.net>; Keener Capt Paul B 
<KeenerPB@mcnosc.usmc.mil>
CC: 'Pen-Testing' <pen-test@securityfocus.com>
Sent: Sat Aug 26 19:44:04 2006
Subject: RE: Penetration Testing - Human Factor

lol

With respect, I think that's a greater commentary on your contracting
methods than it is on what's available. The Pen-Tests I have run include
everything from physical, to logical, to social/administrative.  The
customer has had to opt out on specific methods and attack trees as part of
the preengagement process.

-

StyleWar

"Patriotism isn't defined in a moment.  It's defined in a lifetime." 


-----Original Message-----
From: Joey Peloquin [mailto:joeyp@cotse.net] 
Sent: Wednesday, August 23, 2006 7:10 AM
To: KeenerPB@mcnosc.usmc.mil
Cc: Pen-Testing
Subject: Re: Penetration Testing - Human Factor

KeenerPB@mcnosc.usmc.mil wrote:

I would disagree with Arian regarding the technical aspects 

of "true"

hacking...in my experience, social engineering plays a huge role in 
successful compromise of a network. Most of the time the boundaries 
are pretty tight so you have to lob one over the fence (social 
engineering) in order to punch out from the inside to 

defeat the boundary devices.

All due respect, I'm both an Enterprise pen-test customer and 
an internal pen-tester at the same company, and I don't see 
social engineering on the radar at all, save a mention as 
part of our security awareness program.

How many enterprises do you all contract with that *actually* 
include social engineering, and the like, in the scope?  
We've paid as much as 40K for an engagement and it didn't 
include social engineering.

-jp

--------------------------------------------------------------
----------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
--------------------------------------------------------------
----------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Penetration Testing - Human Factor, StyleWar
Next by Date:  Note from Moderator - Cross-list postings, Erin Carroll
Previous by Thread:  RE: Penetration Testing - Human Factor, Evans, Arian
Next by Thread:  bypass input filter (SQL Injection / XSS), Rick Zhong
Indexes:  [Date] [Thread] [Top] [All Lists]