
One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting your Exchange server instead of using Google Apps). It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie. Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks,
Adam
--
Kili.io - OpenStack for Africa: kili.io
Musings: twitter.com/varud <https://twitter.com/varud>
About Adam: www.linkedin.com/in/adamcnelson
On Mon, Sep 2, 2013 at 12:05 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
I usually write about my experiences on my blog http://chuksjonia.blogspot.com/, but personally I don't do Vulnerability Assessment anymore; I specialize in Penetration Testing.
There are several companies that do Vulnerability Assessments in Kenya; I think the best so far is Silensec, on www.silensec.com
On Penetration Testing, I am not sure who is yet. But I heard in Africa Sensepost seems to do better, but it's based in South Africa.
./Chucks
On 9/2/13, Dan Wanjohi <nadwanjohi@gmail.com> wrote:
These guys are in SA but you can always make arrangements to have them come over or do their thing remotely. I don't think you can get their match locally.
Sensepost.. http://www.sensepost.com/
On Sun, Sep 1, 2013 at 6:56 PM, Michael Bullut <main@kipsang.com> wrote:
Social Engineering?
On 1 September 2013 15:28, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
I like the way people believe in tools, when bad guys will own you by instinct and manual manipulations.
On 9/1/13, Eric Mwangi <ericmwangi13@gmail.com> wrote:
Thanks, I mostly do it as a part-time thing
On Sat, Aug 31, 2013 at 9:56 AM, Bernard Okeyo <ben@idealtents.com> wrote:
For a professional job you need to go beyond the self-hacks on BT if you are doing it yourself. What is your motivation for carrying this out? Do you want to undertake it for discovery or do you want to meet certain audit/enterprise requirements?
Are you ready to pay for the service?
If so, I suggest you may want to link with EACADEMY and talk to their main tester, Charles (charles@eacademygroup.com). He does some amazing things with whichever tool he chooses - which is praise indeed coming from me!
..Bernard
On Fri, Aug 30, 2013 at 2:31 PM, Eric Mwangi <ericmwangi13@gmail.com> wrote:
> You can do that on your own, especially if you have BackTrack installed
>
> On Fri, Aug 30, 2013 at 1:10 AM, Toilem Godwin <godporiot@gmail.com> wrote:
>
>> Hello Guys,
>>
>> Is there anyone who knows companies that do Vulnerability Assessments/tests in Kenya?
>>
>> I need to contact some of them
>>
>> Regards
>>
>> _______________________________________________
>> skunkworks mailing list
>> skunkworks@lists.my.co.ke
>> ------------
>> List info, subscribe/unsubscribe
>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
-- *......................................................... No pressure.....No diamonds!!!*