Network Security Pen-Test

Re: Using viruses in pen-test

Subject: Re: Using viruses in pen-test
Date: Fri, 13 Oct 2006 14:15:19 +0100
I touched on the below method (1x1 pixel relating to honey tokens) at http://www.tomneaves.co.uk/index.php?itemid=30 a while back. It's an interesting idea.

- Tom

----- Original Message -----
From: Clint Laskowski
To: pen-test@securityfocus.com
Sent: Thursday, October 12, 2006 5:28 AM
Subject: RE: Using viruses in pen-test


...

If your goal is to see if users open email that they shouldn't, consider
sending an HTML email message with a 1x1 pixel image pulled from your
website. Use a unique file name for the image that will only be used in the
test. Then, after allowing enough time for the users to open the message,
check your weblogs to see if the image was downloaded, and at what time.
Even better, have unique file names for each email you send out. That way
you can tell who read the email ... or at least the fact that a specific
email (sent to a specific person) was read at a specific time. However, keep
in mind this approach was apparently used by HP recently (see
http://news.zdnet.com/2100-1009_22-6121048.html) using a service called
ReadNotify, and look where it got them!

Use these concepts at your own risk!

-- clint
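
The weblog check described in the quoted message, as an added example that is not part of either poster's message: it derives one image name per recipient and reports the first time each image was fetched. The `/img/<token>.gif` path, the HMAC-derived token, the combined log format, the key and the `example.com` addresses are all assumptions made for the example.

```python
import hashlib
import hmac
import re
from datetime import datetime

# Assumption: a per-test secret kept by the tester, so image names cannot be guessed.
TEST_KEY = b"constructed-demo-key"
RECIPIENTS = ["alice@example.com", "bob@example.com", "carol@example.com"]

def token_for(recipient: str) -> str:
    """Derive the unique image name used in the message sent to one recipient."""
    mac = hmac.new(TEST_KEY, recipient.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

# Apache/nginx "combined" log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /img/(?P<token>[0-9a-f]{16})\.gif[^"]*" (?P<status>\d{3}) '
)

def first_opens(log_lines, recipients):
    """Return {recipient: (first_fetch_time, client_ip)} for fetched images."""
    by_token = {token_for(r): r for r in recipients}
    opens = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in ("200", "304"):
            continue
        who = by_token.get(m["token"])
        if who is None:
            continue  # name not issued in this test: scanner noise or a guess
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if who not in opens or when < opens[who][0]:
            opens[who] = (when, m["ip"])
    return opens

# Constructed sample log (out of order on purpose; the last name was never issued).
A, B = token_for(RECIPIENTS[0]), token_for(RECIPIENTS[1])
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Oct/2006:09:20:41 +0000] "GET /img/{A}.gif HTTP/1.1" 304 0 "-" "-"',
    f'192.0.2.10 - - [12/Oct/2006:09:14:02 +0000] "GET /img/{A}.gif HTTP/1.1" 200 43 "-" "-"',
    f'198.51.100.7 - - [12/Oct/2006:11:02:30 +0000] "GET /img/{B}.gif HTTP/1.1" 200 43 "-" "-"',
    '203.0.113.5 - - [12/Oct/2006:11:05:00 +0000] "GET /img/0123456789abcdef.gif HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for who, (when, ip) in sorted(first_opens(SAMPLE_LOG, RECIPIENTS).items()):
        print(f"{who} first fetched at {when.isoformat()} from {ip}")
```

A recipient missing from the result only means the image was not fetched; a mail client that blocks remote images leaves no log entry even when the message is read.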



