
Thanks guys. I will contact the guys you have referred to me. I have already run some tests but to be very sure all things are in place. Thanks for your responses and advice.
On Mon, Sep 2, 2013 at 12:49 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
@Adam Vulnerability Assessment allows that, since you can still report a non-confirmed flaw, but going further to bypass that service and the IDS in front, and manipulating it, is what penetration testing is. Otherwise, on a PT report we don't report unconfirmed vulnerabilities.
On Penetration Testing, the human vulnerability is largely utilized since it's the biggest flaw an organization has, especially if they are not informed and Security Awareness is not utilized. That's why you will find us stealing wireless keys from a phone or iPads by social engineering the owner, or trying to impersonate an HP service support, so that we can get close to some HP-UX servers etc.
On 9/2/13, Adam Nelson <adam@varud.com> wrote:
One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting your Exchange server instead of using Google Apps).
It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie.
Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks, Adam
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Sep 2, 2013 at 12:05 PM, Gichuki John Chuksjonia < chuksjonia@gmail.com> wrote:
I usually write about my experiences on my blog http://chuksjonia.blogspot.com/, but personally I don't do Vulnerability Assessment anymore, I specialize in Penetration Testing.
There are several companies that do Vulnerability Assessments in Kenya, I think the best so far is Silensec, on www.silensec.com
On Penetration Testing, I am not sure who is yet. But heard in Africa Sensepost seems to do better, but it's based in South Africa.
./Chucks
On 9/2/13, Dan Wanjohi <nadwanjohi@gmail.com> wrote:
These guys are in SA but you can always make arrangements to have them come over or do their thing remotely. I don't think you can get their match locally.
Sensepost.. http://www.sensepost.com/
On Sun, Sep 1, 2013 at 6:56 PM, Michael Bullut <main@kipsang.com> wrote:
Social Engineering?
On 1 September 2013 15:28, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
I like the way people believe in tools, when bad guys will own you by instinct and manual manipulations.
On 9/1/13, Eric Mwangi <ericmwangi13@gmail.com> wrote:
> Thanx, I mostly do it as a part time thing
>
> On Sat, Aug 31, 2013 at 9:56 AM, Bernard Okeyo <ben@idealtents.com> wrote:
>
>> For a professional job you need to go beyond the self-hacks on BT if you
>> are doing it yourself. What is your motivation for carrying this out? Do
>> you want to undertake it for discovery or do you want to meet certain
>> audit/enterprise requirements?
>>
>> Are you ready to pay for the service?
>>
>> If so, I suggest you may want to link with EACADEMY and talk to their main
>> tester, Charles (charles@eacademygroup.com). He does some amazing things
>> with whichever tool he chooses - which is praise indeed coming from me!
>>
>> ..Bernard
>>
>> On Fri, Aug 30, 2013 at 2:31 PM, Eric Mwangi <ericmwangi13@gmail.com> wrote:
>>
>>> You can do that on your own especially if you have backtrack installed
>>>
>>> On Fri, Aug 30, 2013 at 1:10 AM, Toilem Godwin <godporiot@gmail.com> wrote:
>>>
>>>> Hello Guys,
>>>>
>>>> Is there anyone who knows companies that do Vulnerability
>>>> Assessments/tests in Kenya?
>>>>
>>>> I need to contact some of them
>>>>
>>>> Regards
>>>>
>>>> _______________________________________________
>>>> skunkworks mailing list
>>>> skunkworks@lists.my.co.ke
>>>> ------------
>>>> List info, subscribe/unsubscribe
>>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>>> ------------
>>>> Skunkworks Rules
>>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>>> ------------
>>>> Other services @ http://my.co.ke
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
-- *......................................................... No pressure.....No diamonds!!!*