Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread reepex
the first email from simon asking about where i work following a succesful troll of some random kiddie On Oct 31, 2007 4:37 PM, Simon Smith [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reepex, What company are you with? I'm actually interested in finding

Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread reepex
my response about a fictional company to keep the game along On Oct 31, 2007 10:03 PM, reepex [EMAIL PROTECTED] wrote: I work at a less known security company that bans use of any automated tools unless under extreme circumstances. These include times such as when have 1000s of ip addresses

Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread reepex
the next response where simon describes the shortcomings of his company and his wish to partner with people who actually know security On Nov 1, 2007 10:36 AM, Simon Smith [EMAIL PROTECTED] wrote: I am eagerly awaiting your response to my question. We're looking for companies like yours to

Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread reepex
here is adriel from netragard spouting about his lame company that uses nessusd for all their testing... notice his signature has multiple emails and phone numbers because his is incapable of passing his cissp On Nov 1, 2007 9:31 AM, Adriel Desautels [EMAIL PROTECTED] wrote: We rely on manual

Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread jf
I've checked within my group about Novell in the past and nobody wanted it. I see the value of this one because of it being a true remote tool, and Novell still has many customers, but the installed base is tiny compared to IE, Java or Flash. The smaller the target audience brings the price down

Re: [Full-disclosure] Flash that simulates virus scan

2007-12-09 Thread Simon Smith
Indeed... I've certainly helped to make a fool of me. ;] Dude VanWinkle wrote: well, confusing reepex with an infosec worker is pretty bad, but we might let you off the hook this one time. Dont let it happen again :-) On Dec 9, 2007 3:23 PM, Simon Smith [EMAIL PROTECTED] wrote: looks

Re: [Full-disclosure] Flash that simulates virus scan

2007-11-01 Thread Simon Smith
PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Flash that simulates virus scan resulting to se in a pen test cuz you cant break any of the actual machines? lulz On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote: List, Some time ago I remember that someone

[Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread Joshua Tagnore
List, Some time ago I remember that someone posted a PoC of a small site that had a really nice looking flash animation that performed a virus scan and after the virus scan was finished, the user was prompted for a Download virus fix? question. After that, of course, a file is sent to the

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread reepex
resulting to se in a pen test cuz you cant break any of the actual machines? lulz On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote: List, Some time ago I remember that someone posted a PoC of a small site that had a really nice looking flash animation that performed a virus scan and

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread Valdis . Kletnieks
On Wed, 31 Oct 2007 16:56:20 CDT, reepex said: resulting to se in a pen test cuz you cant break any of the actual machines? Lots of *actual* compromises happen the same exact way - resorting to SE. As such, if a pen test doesn't cover the same territory, it's incomplete. Yes, your house is

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread Michael Neal Vasquez
It's valid IMO, but also depends on the client expectations. At the outset, the parameters of what's being tested should be well outlined. Some clients prefer purely technical measures for penetration. Others are open to a complete (i.e. SE included) test. Obviously a better choice, but I

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread jf
must be on one of the .gov red teams ;] On Wed, 31 Oct 2007, reepex wrote: Date: Wed, 31 Oct 2007 16:56:20 -0500 From: reepex [EMAIL PROTECTED] To: Joshua Tagnore [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Flash that simulates virus scan

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread Dude VanWinkle
On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote: List, Some time ago I remember that someone posted a PoC of a small site that had a really nice looking flash animation that performed a virus scan and after the virus scan was finished, the user was prompted for a Download virus fix?

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread reepex
of the .gov red teams ;] On Wed, 31 Oct 2007, reepex wrote: Date: Wed, 31 Oct 2007 16:56:20 -0500 From: reepex [EMAIL PROTECTED] To: Joshua Tagnore [EMAIL PROTECTED], full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Flash that simulates virus scan resulting to se in a pen

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread scott
Subject: Re: [Full-disclosure] Flash that simulates virus scan resulting to se in a pen test cuz you cant break any of the actual machines? lulz On 10/31/07, Joshua Tagnore [EMAIL PROTECTED] wrote: List, Some time ago I remember that someone posted a PoC of a small site that had a really nice

Re: [Full-disclosure] Flash that simulates virus scan

2007-10-31 Thread Nick FitzGerald
Joshua Tagnore wrote: Some time ago I remember that someone posted a PoC of a small site that had a really nice looking flash animation that performed a virus scan and after the virus scan was finished, the user was prompted for a Download virus fix? question. After that, of course, a