| To: | "Faheem SIDDIQUI" <fahimdxb@gmail.com> |
|---|---|
| Subject: | Re: Generating awareness amongst IT staff |
| From: | pand0ra <pand0ra.usa@gmail.com> |
| Date: | Sat, 25 Nov 2006 18:59:47 -0700 |
| Cc: | pen-test@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=L/NQ9DxSS+/say6GaE4z2Lm+IZxKBpYq5GRgwduYcEleMt+prLf5wdheAq2qy1d3h6cxNFj+H+HX5ltfNBrrPw/z7nHtvK+pxbYkRq6ewfxch5t4pbd0F3YfG0VC0XjcsTVNIEhujEXUuj/6h+bufHhiUiWTb96jSiWKGE/El5I= |
| In-reply-to: | <45686BCD.3000801@gmail.com> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <4562F423.000003.06080@CAILAP> <456562C8.2010700@caramiel.com> <45686BCD.3000801@gmail.com> |
| Resent-date: | Sat, 25 Nov 2006 22:05:56 -0700 (MST) |
| Resent-from: | pen-test-return-1078483046@securityfocus.com |
| Resent-message-id: | <20061126050556.91448236F30@outgoing3.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
Break out Nessus and show them what a vulnerability scan looks like on a test server. Then use Metasploit to show them how easy it is to compromise the box. Try wireshark/favorite packet capture tool and show them how much fun it is to capture unencrypted traffic (preferably their password, which is probably one from a dictionary). Then grab a clue banana then beat them over the head with it. On 11/25/06, Faheem SIDDIQUI <fahimdxb@gmail.com> wrote: I am in the middle od preparing slides for security awareness presentation amongst IT staff (network admins/system/DBAs) etc. Security awareness is quite low amongst these guys and they seem to believe that the way have done it all these years, can continue all the remaining years too. Plan is, to create password hack using Ophcrack and run it during presentation. What else can I do to create real time engaging presentation so that these guys might sit up and take notice. How about doing a pen test on databases? Anyone has any ideas to make this presentation to largely IT technical staff...as engaging as possible? ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Voip security, Mike Klingler |
|---|---|
| Next by Date: | RE: Windows 2003 - Dumping Service Passwords, Jessie Ling XX (MC/EPA) |
| Previous by Thread: | Generating awareness amongst IT staff, Faheem SIDDIQUI |
| Next by Thread: | RE: Default passwords dictionary, hugh_fraser |
| Indexes: | [Date] [Thread] [Top] [All Lists] |