I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems: I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Sunday, January 16, 2011

Before PT, Call-inject

Just before a PT op, clients who understand PT and VA will tend to call, maybe via management or even with their technical security departments, and will ask you as the pentester several questions, maybe about OWASP, methodologies, tools, etc. During this session, I tend to listen and also ask questions, because they tend to also lead to pre-info gathering just before the projects.

This actually worked some months ago last year, when doing a PT on a big organization which was using Windows Domain Controllers and was also reachable via the internet. This wasn't meant to be figured out before the operation; it was meant to be figured out after negotiations and the start of work.

Companies should be aware of such errors, flaws and human weaknesses, because the pentesters who don't win the bids tend not to be unhappy, and may have discovered that information via the phone calls.


