Dailydave
mailing list archives
Re: Pentesters getting owned?
From: Brian <bmc () snort org>
Date: Mon, 3 May 2004 23:16:37 -0400
On Mon, May 03, 2004 at 05:59:25PM -0700, wirepair wrote:
> Has anyone ever heard of or seen a pen-tester's laptop get owned while
> they're on site?

Sure.

I was brought in to validate another team's work after they finished.
My scans found an additional machine that they didn't list in their
network map. Only after I had compromised it and started looking
around did I realize that it was one of the previous team's laptops that
they accidentally left behind.

Of course, I know a pen-tester that insecurely set up an HTTP proxy (a la
HTTPush) through a VPN without properly protecting the proxy server,
allowing one of the various web-based worms to leak into the network he
was auditing.

Brian
--
Computer games don't affect kids; I mean if Pac-Man affected us as kids,
we'd all be running around in darkened rooms, munching magic pills and
listening to repetitive electronic music. -- Kristian Wilson, Nintendo,
Inc, 1989
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave