RE: Pentesters getting owned?

["Steve W. Manzuik" <steve () security-sensei com>]

I used to work for one of the final 4 firms and there was a story going
around about a client in Chicago that "counter-attacked" and owned them.
Don't know if it is valid or not but it was the client that told me the
story.  I have experienced network admins monitoring and attempting to drop
connections as the team performs the pen-test.

> -----Original Message-----
> From: dailydave-bounces () lists immunitysec com 
> [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of wirepair
> Sent: Monday, May 03, 2004 6:59 PM
> To: dailydave () lists immunitysec com
> Subject: [Dailydave] Pentesters getting owned?
>
> Has anyone ever heard of or seen a pen-testers laptop get 
> owned while their on site? I was just thinking, sometimes to 
> exploit wacky services you need to open yourself up. Which 
> obviously led me to the hilarious thought (albeit scary if it 
> were me), what if i got owned?
> I think if I were in a different job (it security officer 
> ect) I would most likely scan their machine when they came on 
> site (You don't want a vulnerabler pen-tester hanging around 
> your network breaking in and gaining access, without at least 
> considering their security, right?) Has anyone who has these 
> positions done such a thing?
> Just some fun evening thoughts,
> -wire
>
> --
> Visit Things From Another World for the best comics, movies, 
> toys, collectibles and more.
> http://www.tfaw.com/?qt=wmf
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://www.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave