Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] First step of a pen-test
From: Jason Stout <jasonstout () EMAIL COM>
Date: Tue, 19 Sep 2000 13:14:18 -0400

heh, I just read this article 20 minutes ago. This should answer
most of your questions.

http://www.infosecuritymag.com/sep2000/securestrategies.htm

Regards,
Jason Stout

------Original Message------
From: "Christopher M. Bergeron" <ChrisB () HGSS COM>
To: PEN-TEST () SECURITYFOCUS COM
Sent: September 18, 2000 6:38:50 PM GMT
Subject: [PEN-TEST] First step of a pen-test


What is the industry norm for _beginning_ a pen-test after the contract has
been made?  Would one first map the network?  Try to war-dial the exchange
for possible remote (pcanywhere, etc). access machines?  VRFY email
addresses to look for user logins?  Is it typical to ask for information
about the network (ie. network architecture) beforehand or do most
pen-tests start "blindly" and do the network reconnaissance.

Thanks to anyone who addresses even one of my many questions.


-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]