[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Flash that simulates virus scan
- To: Dude VanWinkle <dudevanwinkle@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Flash that simulates virus scan
- From: Simon Smith <simon@xxxxxxxxxxx>
- Date: Sun, 09 Dec 2007 16:33:58 -0500
Indeed... I've certainly helped to make a fool of me. ;]
Dude VanWinkle wrote:
> well, confusing reepex with an infosec worker is pretty bad, but we
> might let you off the hook this one time.
>
> Dont let it happen again :-)
>
> On Dec 9, 2007 3:23 PM, Simon Smith <simon@xxxxxxxxxxx> wrote:
>> looks like I responded to the wrong person... I'm a fool.
>>
>> reepex wrote:
>>> the first email from simon asking about where i work following a
>>> succesful troll of some random kiddie....
>>>
>>> On Oct 31, 2007 4:37 PM, Simon Smith <simon@xxxxxxxxxxx
>>> <mailto:simon@xxxxxxxxxxx>> wrote:
>>>
>>> Reepex,
>>> What company are you with? I'm actually interested in finding
>>> infosec
>>> companies that perform real work as opposed to doing everything
>>> automated. Nice to hear that you're a real tester.
>>>
>>> With respect to your question, doesn't msf3 have some of that
>>> functionality already built into it? Have you already hit all their
>>> web-apps?
>>>
>>> reepex wrote:
>>>> resulting to se in a pen test cuz you cant break any of the actual
>>> machines?
>>>
>>>> lulz
>>>> On 10/31/07, Joshua Tagnore < joshua.tagnore@xxxxxxxxx
>>> <mailto:joshua.tagnore@xxxxxxxxx>> wrote:
>>>>> List,
>>>>>
>>>>> Some time ago I remember that someone posted a PoC of a small
>>> site that
>>>>> had a really nice looking flash animation that "performed a virus
>>> scan" and
>>>>> after the "virus scan" was finished, the user was prompted for a
>>> "Download
>>>>> virus fix?" question. After that, of course, a file is sent to
>>> the user and
>>>>> he got infected with some malware. Right now I'm performing a
>>> penetration
>>>>> test, and I would like to target some of the users of the
>>> corporate LAN, so
>>>>> I think this approach is the best in order to penetrate to the LAN.
>>>>>
>>>>> I searched google but failed to find the URL, could someone
>>> send it to
>>>>> me ? Thanks!
>>>>>
>>>>> Cheers,
>>>>> --
>>>>> Joshua Tagnore
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it.
>>>>> Charter:
>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it.
>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>> ------------------------------------------------------------------------
>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> --
>>
>> - simon
>>
>> ----------------------
>> http://www.snosoft.com
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
--
- simon
----------------------
http://www.snosoft.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/