Tigerteam, a TV show about pentesting released back in 2007, was screened at the SecureICT conference on the 6th, in the evening. Tigerteam, composed of Chris Nickerson, Ryan Jones and Luke McOmie, shows them breaking into targets their clients hire them to test. Attacks include exploitation of human vulnerability, technological attacks, physical attacks, etc.
Thursday, October 07, 2010
Tuesday, October 05, 2010
One funny thing I have learned is that several security vendors don't really test security effectively even when contracted to do so. Others may say it's more a matter of jurisdiction or scope, but I think if you are paid to minimize risks for a corporation you should do it at the best value possible.
This brings us to the topic of pentesting. A lot of the vendors don't understand what a pentest is, and that affects their clients, leaving them at greater risk because the vendors leave telling them they are secure, and so let them drop their guard.
One of the pentest reports I got hold of explained how there were open ports which they didn't or were not able to exploit but which had holes as seen from a scanner. To keep it short: should a pentest report have false positives? No, it should have info on the entries that were used to get into the target.
The problem is that the above may require a team which is qualified, talented, intelligent and advanced in the field. Lemme know your thoughts.