Re: [Full-disclosure] Flash that simulates virus scan
- To: jf <jf@xxxxxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Flash that simulates virus scan
- From: reepex <reepex@xxxxxxxxx>
- Date: Wed, 31 Oct 2007 22:40:22 -0500
don't you listen to pdp ever? the government uses xss and bruteforces
remote desktop logins
http://seclists.org/fulldisclosure/2007/Oct/0417.html
pdp: "military grade exploits? :) dude, I am sorry man.. but you are living
in some kind of a dream world. get real, most of the military hacks
are as simple as bruteforcing the login prompt.. or trying something
as simple as XSS."
------
pdp is an hero and a computer security expert and based on his fans
from the list he is the greatest researcher since lcamtuf. his word =
gold
On 11/1/07, jf <jf@xxxxxxxxxxxxxxxxxxxx> wrote:
> must be on one of the .gov red teams ;]
>
>
> On Wed, 31 Oct 2007, reepex wrote:
>
> > Date: Wed, 31 Oct 2007 16:56:20 -0500
> > From: reepex <reepex@xxxxxxxxx>
> > To: Joshua Tagnore <joshua.tagnore@xxxxxxxxx>,
> > full-disclosure@xxxxxxxxxxxxxxxxx
> > Subject: Re: [Full-disclosure] Flash that simulates virus scan
> >
> > resorting to se in a pen test cuz you can't break any of the actual machines?
> >
> > lulz
> >
> > On 10/31/07, Joshua Tagnore <joshua.tagnore@xxxxxxxxx> wrote:
> > > List,
> > >
> > > Some time ago I remember that someone posted a PoC of a small site
> > > that had a really nice looking flash animation that "performed a
> > > virus scan" and after the "virus scan" was finished, the user was
> > > prompted for a "Download virus fix?" question. After that, of course,
> > > a file is sent to the user and he got infected with some malware.
> > > Right now I'm performing a penetration test, and I would like to
> > > target some of the users of the corporate LAN, so I think this
> > > approach is the best in order to penetrate to the LAN.
> > >
> > > I searched Google but failed to find the URL, could someone send it to
> > > me? Thanks!
> > >
> > > Cheers,
> > > --
> > > Joshua Tagnore
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > > http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> >
> >
>