|
Penetration Testing
mailing list archives
Re: Using 0days as part of pen-test?
From: ArcSighter Elite <arcsighter () gmail com>
Date: Tue, 13 Jan 2009 16:16:39 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Javier Reyna Padilla wrote:
Well I think that if you can identify a 0day, and you are able to
exploit, then you have a plus over a lot of just-framework-pentesters,
not trying to talk bad about anybody.
Although I haven't though this way, interesting point.
And the point is to probe the
network is vulnerable. I think it is ok to exploit 0days, but ofcourse
you will explain that in the final report, and then you might do
whatever you want with your research. Maybe, things will depend on the
contract you sign with your customer about tecniques, procedures, and
what kind of explotations you are allowed to test.
They requested by almost a full pen-test scenario, including everything
even social engineering.
Javier Reyna
CCSE WCSE ISS-CS NSP JNCIA-FWV
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx
,,__
o" )~
''''
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkltBK0ACgkQH+KgkfcIQ8ebGACg1iJLFSqSI87rWj4zTYJp7BGL
9jYAn1LTtxio1Vng3C5h+zOZQL1i9NWf
=D+JM
-----END PGP SIGNATURE-----
 By Date 
By Thread
Current thread:
- Re: Using 0days as part of pen-test?, (continued)
Re: Using 0days as part of pen-test? Oliver Schad (Jan 15)
Message not available
Re: Using 0days as part of pen-test? Javier Reyna Padilla (Jan 14)
- Re: Using 0days as part of pen-test? ArcSighter Elite (Jan 14)
RE: Using 0days as part of pen-test? Shenk, Jerry A (Jan 14)
Re: Using 0days as part of pen-test? David Howe (Jan 14)
Re: Using 0days as part of pen-test? Jason Ross (Jan 14)
Re: Using 0days as part of pen-test? Dotzero (Jan 14)
Re: Using 0days as part of pen-test? Paul Melson (Jan 14)
Re: Using 0days as part of pen-test? Aarón Mizrachi (Jan 15)
Re: Using 0days as part of pen-test? Morning Wood (Jan 21)
(Thread continues...)
| 
