Open Source and information security mailing list archives
 
Message-ID: <e9d9d4020710312040n70ae26d3h8da29d2090a73051@mail.gmail.com>
Date: Wed, 31 Oct 2007 22:40:22 -0500
From: reepex <reepex@...il.com>
To: jf <jf@...glingpointers.net>, full-disclosure@...ts.grok.org.uk
Subject: Re: Flash that simulates virus scan

don't you listen to pdp ever? the government uses xss and bruteforces
remote desktop logins

http://seclists.org/fulldisclosure/2007/Oct/0417.html

pdp: "military grade exploits? :) dude, I am sorry man.. but you are living
in some kind of a dream world. get real, most of the military hacks
are as simple as bruteforcing the login prompt.. or trying something
as simple as XSS."

------

pdp is an hero and a computer security expert and based on his fans
from the list he is the greatest researcher since lcamtuf. his word =
gold



On 11/1/07, jf <jf@...glingpointers.net> wrote:
> must be on one of the .gov red teams ;]
>
>
> On Wed, 31 Oct 2007, reepex wrote:
>
> > Date: Wed, 31 Oct 2007 16:56:20 -0500
> > From: reepex <reepex@...il.com>
> > To: Joshua Tagnore <joshua.tagnore@...il.com>,
> >     full-disclosure@...ts.grok.org.uk
> > Subject: Re: [Full-disclosure] Flash that simulates virus scan
> >
> > resorting to se in a pen test cuz you can't break any of the actual machines?
> >
> > lulz
> >
> > On 10/31/07, Joshua Tagnore <joshua.tagnore@...il.com> wrote:
> > > List,
> > >
> > >     Some time ago I remember that someone posted a PoC of a small site that
> > > had a really nice looking flash animation that "performed a virus scan" and
> > > after the "virus scan" was finished, the user was prompted for a "Download
> > > virus fix?" question. After that, of course, a file is sent to the user and
> > > he got infected with some malware. Right now I'm performing a penetration
> > > test, and I would like to target some of the users of the corporate LAN, so
> > > I think this approach is the best in order to penetrate to the LAN.
> > >
> > >     I searched google but failed to find the URL, could someone send it to
> > > me ? Thanks!
> > >
> > > Cheers,
> > > --
> > > Joshua Tagnore
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> >
>

