| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Dec 2007 15:23:26 -0500 From: Simon Smith <simon@...soft.com> To: reepex <reepex@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Flash that simulates virus scan looks like I responded to the wrong person... I'm a fool. reepex wrote: > the first email from simon asking about where i work following a > succesful troll of some random kiddie.... > > On Oct 31, 2007 4:37 PM, Simon Smith <simon@...soft.com > <mailto:simon@...soft.com>> wrote: > > Reepex, > What company are you with? I'm actually interested in finding > infosec > companies that perform real work as opposed to doing everything > automated. Nice to hear that you're a real tester. > > With respect to your question, doesn't msf3 have some of that > functionality already built into it? Have you already hit all their > web-apps? > > reepex wrote: >> resulting to se in a pen test cuz you cant break any of the actual > machines? > >> lulz > >> On 10/31/07, Joshua Tagnore < joshua.tagnore@...il.com > <mailto:joshua.tagnore@...il.com>> wrote: >>> List, >>> >>> Some time ago I remember that someone posted a PoC of a small > site that >>> had a really nice looking flash animation that "performed a virus > scan" and >>> after the "virus scan" was finished, the user was prompted for a > "Download >>> virus fix?" question. After that, of course, a file is sent to > the user and >>> he got infected with some malware. Right now I'm performing a > penetration >>> test, and I would like to target some of the users of the > corporate LAN, so >>> I think this approach is the best in order to penetrate to the LAN. >>> >>> I searched google but failed to find the URL, could someone > send it to >>> me ? Thanks! >>> >>> Cheers, >>> -- >>> Joshua Tagnore >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: >>> http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> > >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > ------------------------------------------------------------------------ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- - simon ---------------------- http://www.snosoft.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists