Vulnerability Assessment Companies in Kenya (IT)

Hello Guys,
Is there anyone who knows companies that do Vulnerability Assessments/tests in Kenya?
I need to contact some of them
Regards

You can do that on your own, especially if you have BackTrack installed.
On Fri, Aug 30, 2013 at 1:10 AM, Toilem Godwin <godporiot@gmail.com> wrote:
Hello Guys,
Is there anyone who knows companies that do Vulnerability Assessments/tests in Kenya?
I need to contact some of them
Regards
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

For a professional job you need to go beyond the self-hacks on BT if you are doing it yourself. What is your motivation for carrying this out? Do you want to undertake it for discovery or do you want to meet certain audit/enterprise requirements?
Are you ready to pay for the service?
If so, I suggest you may want to link with EACADEMY and talk to their main tester, Charles (charles@eacademygroup.com). He does some amazing things with whichever tool he chooses - which is praise indeed coming from me!
..Bernard
On Fri, Aug 30, 2013 at 2:31 PM, Eric Mwangi <ericmwangi13@gmail.com> wrote:
You can do that on your own, especially if you have BackTrack installed.

Thanks, I mostly do it as a part-time thing.
On Sat, Aug 31, 2013 at 9:56 AM, Bernard Okeyo <ben@idealtents.com> wrote:
For a professional job you need to go beyond the self-hacks on BT if you are doing it yourself. What is your motivation for carrying this out? Do you want to undertake it for discovery or do you want to meet certain audit/enterprise requirements?
Are you ready to pay for the service?
If so, I suggest you may want to link with EACADEMY and talk to their main tester, Charles (charles@eacademygroup.com). He does some amazing things with whichever tool he chooses - which is praise indeed coming from me!
..Bernard

I like the way people believe in tools, when bad guys will own you by instinct and manual manipulations.
On 9/1/13, Eric Mwangi <ericmwangi13@gmail.com> wrote:
Thanks, I mostly do it as a part-time thing.
--
Gichuki John Ndirangu, C.E.H, C.P.T.P, O.S.C.P
I.T Security Analyst and Penetration Tester
jgichuki at inbox d0t com
{FORUM} http://lists.my.co.ke/pipermail/security/
http://chuksjonia.blogspot.com/

Social Engineering?
On 1 September 2013 15:28, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
I like the way people believe in tools, when bad guys will own you by instinct and manual manipulations.

These guys are in SA but you can always make arrangements to have them come over or do their thing remotely. I don't think you can get their match locally.
Sensepost.. http://www.sensepost.com/
On Sun, Sep 1, 2013 at 6:56 PM, Michael Bullut <main@kipsang.com> wrote:
Social Engineering?
-- *......................................................... No pressure.....No diamonds!!!*

I usually write about my experiences on my blog http://chuksjonia.blogspot.com/, but personally I don't do Vulnerability Assessment anymore, I specialize in Penetration Testing.
There are several companies that do Vulnerability Assessments in Kenya, I think the best so far is Silensec, on www.silensec.com
On Penetration Testing, I am not sure who it is yet. But I heard that in Africa Sensepost seems to do better, but it's based in South Africa.
./Chucks
On 9/2/13, Dan Wanjohi <nadwanjohi@gmail.com> wrote:
These guys are in SA but you can always make arrangements to have them come over or do their thing remotely. I don't think you can get their match locally.
Sensepost.. http://www.sensepost.com/

One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting your Exchange server instead of using Google Apps).
It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie.
Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks, Adam
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Sep 2, 2013 at 12:05 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
I usually write about my experiences on my blog http://chuksjonia.blogspot.com/, but personally I don't do Vulnerability Assessment anymore, I specialize in Penetration Testing.
There are several companies that do Vulnerability Assessments in Kenya, I think the best so far is Silensec, on www.silensec.com
On Penetration Testing, I am not sure who it is yet. But I heard that in Africa Sensepost seems to do better, but it's based in South Africa.
./Chucks

@Adam Vulnerability Assessment allows that, since you can still report a non-confirmed flaw, but going further to bypass that service and the IDS in front, and manipulating it, is what penetration testing is. Otherwise, on a PT report we don't report unconfirmed vulnerabilities.
On Penetration Testing, the human vulnerability is largely utilized since it's the biggest flaw an organization has, especially if they are not informed and Security Awareness is not utilized. That's why you will find us stealing wireless keys from a phone or iPads by social engineering the owner, or trying to impersonate an HP service support, so that we can get close to some HP-UX servers etc.
On 9/2/13, Adam Nelson <adam@varud.com> wrote:
One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting your Exchange server instead of using Google Apps).
It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie.
Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks, Adam

Thanks guys. I will contact the guys you have referred to me. I have already run some tests but to be very sure all things are in place. Thanks for your responses and advice.
On Mon, Sep 2, 2013 at 12:49 PM, Gichuki John Chuksjonia <chuksjonia@gmail.com> wrote:
@Adam Vulnerability Assessment allows that, since you can still report a non-confirmed flaw, but going further to bypass that service and the IDS in front, and manipulating it, is what penetration testing is. Otherwise, on a PT report we don't report unconfirmed vulnerabilities.
On Penetration Testing, the human vulnerability is largely utilized since it's the biggest flaw an organization has, especially if they are not informed and Security Awareness is not utilized. That's why you will find us stealing wireless keys from a phone or iPads by social engineering the owner, or trying to impersonate an HP service support, so that we can get close to some HP-UX servers etc.
On 9/2/13, Adam Nelson <adam@varud.com> wrote:
One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting you Exchange server instead of using Google Apps).
It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie.
Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks, Adam
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson
On Mon, Sep 2, 2013 at 12:05 PM, Gichuki John Chuksjonia < chuksjonia@gmail.com> wrote:
I usually write about my experiences on my blog http://chuksjonia.blogspot.com/, but personally i don't do Vulnerability Assessment anymore, i specialize on Penetration Testing.
There are several companies that do Vulnerability Assessments in Kenya, i think the best so far is Silensec, on www.silensec.com
On Penetration Testing, am not sure who is yet. But heard in Africa Sensepost seems to do better, but its based in South Africa.
./Chucks
On 9/2/13, Dan Wanjohi <nadwanjohi@gmail.com> wrote:
These guys are in SA but you can always make arrangements to have them come over or do their thing remotely. I don't think you can get their match locally.
Sensepost.. http://www.sensepost.com/
On Sun, Sep 1, 2013 at 6:56 PM, Michael Bullut <main@kipsang.com> wrote:
Social Engineering?
On 1 September 2013 15:28, Gichuki John Chuksjonia <chuksjonia@gmail.com>wrote:
I like the way people believe in tools, when bad guys will own you by instinct and manual manipulations.
On 9/1/13, Eric Mwangi <ericmwangi13@gmail.com> wrote:
Thanx, I mostly do it as a part time thing
-- -- Gichuki John Ndirangu, C.E.H , C.P.T.P, O.S.C.P I.T Security Analyst and Penetration Tester jgichuki at inbox d0t com
{FORUM}http://lists.my.co.ke/pipermail/security/ http://chuksjonia.blogspot.com/
-- *......................................................... No pressure.....No diamonds!!!*

Adam. I fully agree with you and shun any "security testers" who operate within the scope of "let me show you how it *could* happen" as opposed to "let me show you how it *will* happen". Template-based testers also leave organizations vulnerable, missing out on the specific risk within the organization vis-à-vis the company's risk appetite. That's why frameworks like Octave-S/Allegro, NIST come into play to offer a holistic risk mitigation approach. Knowledge on what to look out for is also scanty, though that's a debate for another day. Shoot me an email and we could engage further on this.
-ty

@ADAM for what you're looking for try Isolutions Associates, they offer a holistic approach
On 2 September 2013 12:27, Adam Nelson <adam@varud.com> wrote:
One problem I find with these types of services is that the security people aren't empowered to tell the organization what to do more generally. Many security problems are due to poor development and deployment practices (no automated tests or log analysis), the use of outdated or unlicensed software (Windows Vista, from torrent anybody??), and managing too many services (i.e. hosting your Exchange server instead of using Google Apps).
It's fine to run nmap and tell people that they have an unused port open, but that's really not where most problems lie.
Does anybody know of a consultant that takes a more assertive approach and will take into account human and organizational factors as a major part of the audit? This is something I'd be interested in.
Thanks, Adam
-- Kili.io - OpenStack for Africa: kili.io Musings: twitter.com/varud <https://twitter.com/varud> About Adam: www.linkedin.com/in/adamcnelson

Have used Sysinternals and Wireshark; these are amazing tools if you know how to use them well.
On Fri, Aug 30, 2013 at 1:10 AM, Toilem Godwin <godporiot@gmail.com> wrote:
Hello Guys,
Is there anyone who knows companies that do Vulnerability Assessments/tests in Kenya?
I need to contact some of them
Regards
-- "Change is slow and gradual. It requires hardwork, a bit of luck, a fair amount of self-sacrifice and a lot of patience." Roy.

@Chuks, I have read your explanations and I thought by doing Penetration Testing you are actually exploring Vulnerabilities too.. Keyword being thought :)
Rgds Njogu
On Mon, Sep 2, 2013 at 7:06 PM, Paul Roy <roykoikai@gmail.com> wrote:
have used Sysinternals and wireshark these are amazing tools if you know how to use it well.
-- Regards Njogu Anthony.
participants (11)
- Adam Nelson
- Anthony Njogu
- Bernard Okeyo
- Dan Wanjohi
- Eric Mwangi
- Gichuki John Chuksjonia
- Joe Maina
- Michael Bullut
- Paul Roy
- Toilem Godwin
- ty