[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <475C4EBE.6070502@snosoft.com>
Date: Sun, 09 Dec 2007 15:23:26 -0500
From: Simon Smith <simon@...soft.com>
To: reepex <reepex@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Flash that simulates virus scan
looks like I responded to the wrong person... I'm a fool.
reepex wrote:
> the first email from simon asking about where i work following a
> succesful troll of some random kiddie....
>
> On Oct 31, 2007 4:37 PM, Simon Smith <simon@...soft.com
> <mailto:simon@...soft.com>> wrote:
>
> Reepex,
> What company are you with? I'm actually interested in finding
> infosec
> companies that perform real work as opposed to doing everything
> automated. Nice to hear that you're a real tester.
>
> With respect to your question, doesn't msf3 have some of that
> functionality already built into it? Have you already hit all their
> web-apps?
>
> reepex wrote:
>> resulting to se in a pen test cuz you cant break any of the actual
> machines?
>
>> lulz
>
>> On 10/31/07, Joshua Tagnore < joshua.tagnore@...il.com
> <mailto:joshua.tagnore@...il.com>> wrote:
>>> List,
>>>
>>> Some time ago I remember that someone posted a PoC of a small
> site that
>>> had a really nice looking flash animation that "performed a virus
> scan" and
>>> after the "virus scan" was finished, the user was prompted for a
> "Download
>>> virus fix?" question. After that, of course, a file is sent to
> the user and
>>> he got infected with some malware. Right now I'm performing a
> penetration
>>> test, and I would like to target some of the users of the
> corporate LAN, so
>>> I think this approach is the best in order to penetrate to the LAN.
>>>
>>> I searched google but failed to find the URL, could someone
> send it to
>>> me ? Thanks!
>>>
>>> Cheers,
>>> --
>>> Joshua Tagnore
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter:
>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> ------------------------------------------------------------------------
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
- simon
----------------------
http://www.snosoft.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists