Very cool. Any chance you could share how you accomplished that? I think that would definitely garner some attention at my organization and maybe help to make a point in my department.
Jeremy Pommerening MGR, Information Security Symbion, Inc. 615-234-8912 Direct 615-429-6883 BB GIAC - GCFA,GPEN, GAWN & GCFW, GIAC Advisory Board Member MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS From: [email protected] [mailto:[email protected]] On Behalf Of Craig Freyman Sent: Thursday, April 22, 2010 9:41 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Security Awareness Training for SysAdmins I recently gave a demo to some of our managers and tech support guys using SET that blew them away. I followed it up with some of the flashy metasploit stuff like the soundrecorder script and the vnc payload. Then, I had Metasploit order me a pizza. The demo had a major impact on them and they're all of a sudden very open to security awareness training and not bitching about having admin rights. On Wed, Apr 21, 2010 at 11:51 PM, Ng Choon Kiat <[email protected]<mailto:[email protected]>> wrote: Hi, I had a simple report on weak password and recommendation. Hope it is helpful for you This is quite silly, it was shared and posted not long ago here. http://twitter.com/cs420 Regards, Grey On Thu, Apr 22, 2010 at 10:27 AM, Jorge A. Orchilles <[email protected]<mailto:[email protected]>> wrote: Hello all, I was asked to put together an outline for a security awareness training/talk/presentation aimed at system and network admins. I would like to show examples and make it fun. Here are my thoughts so far but would like to see if any of you have done this, have resources to point me to, and/or feedback on what I have so far: * Password construction/management * Show online password lists for default passwords * Examples of bruteforcing and cracking * Emphasis on having strong and different passwords for each system * Policy * Online postings related to work * Social networks * Mailing lists * Vendor sites/forums * Following best practices * SANS SCORE * Vendor recommendations * Think of the data Thanks in advance, Jorge Orchilles _______________________________________________ Pauldotcom mailing list [email protected]<mailto:[email protected]> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com<http://pauldotcom.com/> _______________________________________________ Pauldotcom mailing list [email protected]<mailto:[email protected]> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for the delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
