Security Basics mailing list archives

Re: Pen testing for educational purposes


From: bgreene () gdn net
Date: 7 Aug 2008 14:23:00 -0000

This sounds more like a hack-off than a course test. I'd be interested to know how you are going to handle the "social engineering" tests, seeing as how that works by the person not knowing they are being socially engineered.

Otherwise you could set up challenges that would simulate the mark you are trying to accomplish.

1) Social Engineer stolen encrypted data physically from a machine.

2) Crack the encryption

3) Compromise a website and access the db

You could go one further and add a balance to the system: an opposing team that would be trying to counter or mitigate the attackers. Each team would act as both, with both parts of the challenge counting toward points or a grade.

Getting in is one thing, keeping people out is entirely different.


Current thread: