Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Testing the user community

from [Lee Lawson] Network Security [Permanent Link]
Subject: Re: Testing the user community
Date: Fri, 2 Feb 2007 09:43:20 +0000 
Have you just admitted to committing a crime?  I don't see how you
could have obtained prior written permission from all of Dr X's
contacts before you started the 'test'.

I don't think anyone on the mailing list would condone that sort of
action.  Please stay legal  or you will ruin it for the rest of us!





On 2/2/07, Nicolás F. Iglesias <nfiglesias@gmail.com> wrote: 
Once, i did a personalized phisymail from a personal PC, catched through
Netbios. The intrusion was as follow:

- I found a Winbox on internet, from Dr. X (i don't remember his real name).
He has the netbios opened, so it was easy to broke his lan.
- I learned, from DOCs, LOGs, websites visited and all data i found on his
HD, who was and what kind of person he was.
- I wrote an email, using a language according to his "personality"
(university phd and so on...) and i "invited" his contacts to test a
financial software (he and his contacts, all working on economy and
finances).
- The fake soft has a keylogger on it. The logs was sent to my free
emailaddress.
- In a few days, i was able to see all data from his friends and very
interesting people (one working at my country's defense agency as an IT
consultant), bank accounts, credit cards,etc. But it just was a nice
experience and i didn't stole a penny.

What i'm trying to expose is that, on phishing, you have to develop social
engineering.

NiCo


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




--
Lee J Lawson
leejlawson@gmail.com
leejlawson@hushmail.com

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Password cracker required, Vural KOYUSTU
Next by Date:  Re: Testing the user community, Thor (Hammer of God)
Previous by Thread:  Re: Testing the user community, Nicolás F. Iglesias
Next by Thread:  Re: Testing the user community, Pete Herzog
Indexes:  [Date] [Thread] [Top] [All Lists]