Home page logo
/

pen-test logo Penetration Testing mailing list archives

Using public LDAP directories for attack preparation
From: "Per Thorsheim" <per () thorsheim net>
Date: Wed, 27 Sep 2006 20:27:57 +0200

I've seen a quite a few publicly available LDAP directories on the Internet
containing names, e-mail addresses and other employee information for a
company.

Besides the obvious possibility of harvesting working e-mail addresses for
spam purposes, has anyone successfully used such externally available
directories for doing targeted social engineering attacks as part of a
pentest?

Regards,
Per Thorsheim
CISA, CISM, CISSP



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Using public LDAP directories for attack preparation Per Thorsheim (Sep 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault