I'd set up a Trojan thumb drive to report home to a C&C server. Then you could message the machine to change the background & shut down.

On May 3, 2010, at 5:27 PM, Robin Wood <[email protected]> wrote:

> Thanks for all the suggestions, I think I like this one the best, I
> might set something up on a site so I can access it from my phone. Tie
> this with an SMS service I've got that lets me specify the sender
> number I could have some fun. Email and SMS the person from someone
> else in the room.
>
> Robin
>
> On 3 May 2010 20:55, Andrew Ellis <[email protected]> wrote:
>> A trick I've used for a while is keeping a protected email spoofing
>> form on my web server. That way when I'm asked to "demo" my skills, I
>> can simply send the person an email from themselves or the like.
>>
>> This has the advantage of looking pretty cool to laymen and, as far as
>> I know, isn't illegal.
>>
>> It's definitely not a "1337 hack" but it's a nice way to show the
>> types of things that can be done without getting in too much trouble.
>>
>> -Andrew
>>
>> On 5/3/10, Chris Clymer <[email protected]> wrote:
>>> Rather than a live demo, better tactic might be telling a story about
>>> a vulnerability in joe sixpack terms. The pizza coupon thing
>>> (dominos?) a few months back is a good example.
>>>
>>> I see a lot of downsides to letting folks at a party pressure you into
>>> a live demo. You are basically allowing strangers to SE you. If you
>>> show a successful demo, you just know the next question will come: so
>>> can you hack into so-and-so's facebook account? ;)
>>>
>>> When you consider the potential for demo fail too, this is really a
>>> lose/lose situation :(
>>>
>>> -------------------------
>>> securityjustice.com | chrisclymer.com
>>>
>>>
>>> On May 3, 2010, at 11:54 AM, Robin Wood <[email protected]> wrote:
>>>
>>>> Hi
>>>> At a party the other day I was asked the normal question of what do I
>>>> do for a living. I said security and kept it a bit vague but was
>>>> pressed so explained what pen-testing is and roughly what I do. I then
>>>> got the challenge, prove it, prove you can hack a company.
>>>>
>>>> People would say to a dentist, prove you can do a filling but this
>>>> person insisted they wanted a demo. I explained the legalities and
>>>> finally fobbed them off and got away but it got me thinking, has
>>>> anyone got any good party tricks that they can pull in this kind of
>>>> situation that give an instant wow but are easy to do and legal? Not
>>>> quite legal but I was thinking if I knew any big sites with XSS I
>>>> could rewrite but none came to mind at that time.
>>>>
>>>> Robin
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
>>
>> --
>> Andrew
>> http://blog.psych0tik.net
