mailing list archives
[PEN-TEST] First step of a pen-test
From: "Christopher M. Bergeron" <ChrisB () HGSS COM>
Date: Mon, 18 Sep 2000 14:38:50 -0400
What is the industry norm for _beginning_ a pen-test after the contract has been made? Would one first map the
network? Try to war-dial the exchange for possible remote (pcanywhere, etc). access machines? VRFY email addresses to
look for user logins? Is it typical to ask for information about the network (ie. network architecture) beforehand or
do most pen-tests start "blindly" and do the network reconnaissance.
Thanks to anyone who addresses even one of my many questions.
- [PEN-TEST] First step of a pen-test Christopher M. Bergeron (Sep 19)