| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e024ccca0712091256u53eec5c6u42a775eceb825272@mail.gmail.com> Date: Sun, 9 Dec 2007 15:56:41 -0500 From: "Dude VanWinkle" <dudevanwinkle@...il.com> To: "Simon Smith" <simon@...soft.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Flash that simulates virus scan well, confusing reepex with an infosec worker is pretty bad, but we might let you off the hook this one time. Dont let it happen again :-) On Dec 9, 2007 3:23 PM, Simon Smith <simon@...soft.com> wrote: > looks like I responded to the wrong person... I'm a fool. > > reepex wrote: > > the first email from simon asking about where i work following a > > succesful troll of some random kiddie.... > > > > On Oct 31, 2007 4:37 PM, Simon Smith <simon@...soft.com > > <mailto:simon@...soft.com>> wrote: > > > > Reepex, > > What company are you with? I'm actually interested in finding > > infosec > > companies that perform real work as opposed to doing everything > > automated. Nice to hear that you're a real tester. > > > > With respect to your question, doesn't msf3 have some of that > > functionality already built into it? Have you already hit all their > > web-apps? > > > > reepex wrote: > >> resulting to se in a pen test cuz you cant break any of the actual > > machines? > > > >> lulz > > > >> On 10/31/07, Joshua Tagnore < joshua.tagnore@...il.com > > > <mailto:joshua.tagnore@...il.com>> wrote: > >>> List, > >>> > >>> Some time ago I remember that someone posted a PoC of a small > > site that > >>> had a really nice looking flash animation that "performed a virus > > scan" and > >>> after the "virus scan" was finished, the user was prompted for a > > "Download > >>> virus fix?" question. After that, of course, a file is sent to > > the user and > >>> he got infected with some malware. Right now I'm performing a > > penetration > >>> test, and I would like to target some of the users of the > > corporate LAN, so > >>> I think this approach is the best in order to penetrate to the LAN. > >>> > >>> I searched google but failed to find the URL, could someone > > send it to > >>> me ? Thanks! > >>> > >>> Cheers, > >>> -- > >>> Joshua Tagnore > >>> _______________________________________________ > >>> Full-Disclosure - We believe in it. > >>> Charter: > >>> http://lists.grok.org.uk/full-disclosure-charter.html > >>> Hosted and sponsored by Secunia - http://secunia.com/ > >>> > > > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > -- > > - simon > > ---------------------- > http://www.snosoft.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists