This is going to be one of those "Mmmm is he a would-be bad guy" type emails...
I want to get hold of precompiled/scripted exploits that I can demonstrate in a security awareness course. I'd set up a victim client, a victim server and an attacker system. With this I can demonstrate how browsers can be manipulated, cookies read, XSS exploited, crafted doc and pdf files downloaded/emailed to gain access to the system. Of course, I want to do all of this for the minimum effort ... I don't have the time (and probably not the skill) to code the exploits myself. I want to do all of this in-house so I can't use externally hosted exploit demonstrations (I have no intention of connecting my demo setup to any other internal network or an external network - certainly not the Internet) So does anyone have examples of exploits - preferably ones that demonstrate the exploit in a dramatic fashion but without doing any damage (I'd rather not have to rebuild the machines for every demo). The security awareness is actually aimed at my IT department - but relates to user desktop security. I only really need a few exploits - the idea being to demonstrate that the vulnerabilities that I describe are *real* and not just a figment of my paranoid imagination. I have a devil of a time convincing them to keep the applications up to date with security patches. I may go on to demonstrate to users as well, as this could temper how they use the Internet and Email (and it will be useful for their home usage of the Internet). If anyone's done this already I'll be grateful to just get a copy if that's possible. Thanks P.S. Anyone got any ground breaking Security Awareness solutions? __________________________________________________ Yahoo! Plus - For a better Internet experience http://uk.promotions.yahoo.com/yplus/yoffer.html --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------