Penetration Testing mailing list archives

RE: "Free" pen-test
From: "Pete" <pen_test_list () petesmithcomputers com>
Date: Fri, 20 Jun 2003 09:31:29 +0100


My question is this: how do white-hatters usually approach these 


hellNbak answered:

So let me get this straight.  You engaged in completely unethical behaviour
-- offered a free pen-test and now you are mad because you were not able
to "scare" this guy into buying services from you?

You misunderstand me (perhaps deliberately?). I'm not in the security
industry. I was tipped that a local firm had security issues. I have
contacts who could provide the security that they need, so I went about
bringing the two together. Mr Director agreed to a pen-test on the basis
that our degree of success may or may not lead to a sales meeting. This
wasn't blackmail, just an honest attempt to show a reluctant (and smug)
manager that he was vulnerable. OK, we wasted some time (it seems) -
some people just don't want a mirror held up to them.

Miguel's remarks are more useful. I'm interested in the approach to the
psychology of this thing: what do you do when you know someone is wrong
about his/her security but just refuses to see it? If I'd waited for
this guy to approach me I'd have waited all my life. Likewise, if I'd
tried to sell him a full pen-test backed up with a complete security
report, he'd never have seen the need for it.

Well...any more comments would be interesting.

