
Penetration Testing mailing list archives

Re: Generating awareness amongst IT staff
From: arif.jatmoko () sea ccamatil com
Date: Mon, 27 Nov 2006 12:17:02 +0700




Depending on your presentation time, you might use a live hacking demo or just
some reasonable explanation. The point is making clear that all vulnerable
systems are able to be hacked or potentially hacked. Nessus, Wireshark,
Metasploit, etc. are good for a live demo, but they are not a 'Magic Tool'.
Each hacking tool used should have the underlying theory and what kind of
holes it is applicable to. Do not use tools that you cannot explain how they
work; that makes you miss the awareness goal.

Regards,
Arif Jatmoko

pand0ra <pand0ra.usa () gmail com>
Sent by: listbounce () securityfocus.com
11/26/2006 08:59 AM

To: "Faheem SIDDIQUI" <fahimdxb () gmail com>
cc: pen-test () securityfocus com, (bcc: Arif Jatmoko/IDN/SEA/CCA)
Subject: Re: Generating awareness amongst IT staff






Break out Nessus and show them what a vulnerability scan looks like on
a test server. Then use Metasploit to show them how easy it is to
compromise the box. Try Wireshark/favorite packet capture tool and
show them how much fun it is to capture unencrypted traffic
(preferably their password, which is probably one from a dictionary).
Then grab a clue banana then beat them over the head with it.

On 11/25/06, Faheem SIDDIQUI <fahimdxb () gmail com> wrote:
I am in the middle of preparing slides for security awareness
presentation amongst IT staff (network admins/system/DBAs) etc.

Security awareness is quite low amongst these guys and they seem to
believe that the way they have done it all these years can continue all the
remaining years too.

The plan is to create a password hack using Ophcrack and run it during the
presentation. What else can I do to create a real-time, engaging
presentation so that these guys might sit up and take notice? How about
doing a pen test on databases?

Does anyone have any ideas to make this presentation to largely IT technical
staff...as engaging as possible?


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------












