| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <475C5F46.6000306@snosoft.com> Date: Sun, 09 Dec 2007 16:33:58 -0500 From: Simon Smith <simon@...soft.com> To: Dude VanWinkle <dudevanwinkle@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Flash that simulates virus scan Indeed... I've certainly helped to make a fool of me. ;] Dude VanWinkle wrote: > well, confusing reepex with an infosec worker is pretty bad, but we > might let you off the hook this one time. > > Dont let it happen again :-) > > On Dec 9, 2007 3:23 PM, Simon Smith <simon@...soft.com> wrote: >> looks like I responded to the wrong person... I'm a fool. >> >> reepex wrote: >>> the first email from simon asking about where i work following a >>> succesful troll of some random kiddie.... >>> >>> On Oct 31, 2007 4:37 PM, Simon Smith <simon@...soft.com >>> <mailto:simon@...soft.com>> wrote: >>> >>> Reepex, >>> What company are you with? I'm actually interested in finding >>> infosec >>> companies that perform real work as opposed to doing everything >>> automated. Nice to hear that you're a real tester. >>> >>> With respect to your question, doesn't msf3 have some of that >>> functionality already built into it? Have you already hit all their >>> web-apps? >>> >>> reepex wrote: >>>> resulting to se in a pen test cuz you cant break any of the actual >>> machines? >>> >>>> lulz >>>> On 10/31/07, Joshua Tagnore < joshua.tagnore@...il.com >>> <mailto:joshua.tagnore@...il.com>> wrote: >>>>> List, >>>>> >>>>> Some time ago I remember that someone posted a PoC of a small >>> site that >>>>> had a really nice looking flash animation that "performed a virus >>> scan" and >>>>> after the "virus scan" was finished, the user was prompted for a >>> "Download >>>>> virus fix?" question. After that, of course, a file is sent to >>> the user and >>>>> he got infected with some malware. Right now I'm performing a >>> penetration >>>>> test, and I would like to target some of the users of the >>> corporate LAN, so >>>>> I think this approach is the best in order to penetrate to the LAN. >>>>> >>>>> I searched google but failed to find the URL, could someone >>> send it to >>>>> me ? Thanks! >>>>> >>>>> Cheers, >>>>> -- >>>>> Joshua Tagnore >>>>> _______________________________________________ >>>>> Full-Disclosure - We believe in it. >>>>> Charter: >>>>> http://lists.grok.org.uk/full-disclosure-charter.html >>>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> ------------------------------------------------------------------------ >> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >> >> -- >> >> - simon >> >> ---------------------- >> http://www.snosoft.com >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> -- - simon ---------------------- http://www.snosoft.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists