Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Penetration Whitepapers
From: miguel.dilaj () pharma novartis com
Date: Fri, 6 Feb 2004 08:59:35 +0100

Hi Rob,

A very good source are the GIAC Certification Papers, in your case 
specifically the papers on the GCIH and GCIA certification.

I hope this helps.
Kind regards,

aka Nekromancer
(GSEC Analyst # 3425)

Rob Havelt <rob () cobal org>
05/02/2004 17:51

        To:     pen-test () securityfocus com
        Subject:        Penetration Whitepapers

Hi All,

I was wondering if anyone could point me at a good resource, as I've been 
looking in several different places, and haven't been able to find quite 
what I needed.

I'm looking for either white papers or case studies or some such detailing 

actual real world attacks (more like real-world computer crime, computer 
fraud, internal attacks, etc. and less on the damage from worms or virus, 
DDoS, or the like) on companies who either didn't know that they had a bad 

security posture, couldn't keep on top of infosec issues, or ones who knew 

(either as the result of a pen test, health check, or some other VA) and 
simply didn't take any steps toward remediation.

There is a ton of theory out there, risk data, and the like, and I have 
that. I also realize that usually when this happens companies and law 
enforcement agencies, etc. try quite hard to keep the info under wraps for 

the obvious reasons, but I'm thinking that there has to be a few 
whitepapers out there as strictly "cautionary tales".

Anywhere anyone could point me for the info would be much appreciated.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]