A job well done
So, two penetration tests done for my client and this time around I've kept a 20 year security pen tester out of their domain after making changes based on the original recommendations and he can't do 95% of the things he was able to do before! At their DR site across the city where they have safeboot installed on all machines he couldn't do anything at all (not even get local admin passwords from the SAM) and wanted to go home at 3 in the afternoon.
He tried a bit of social engineering on my client's site as well. He borrowed a British Telecom workman's jacket and went to downstairs reception asking for riser access in the basement to do work for the customer. The police were called after some checks were made about his identity. Classic!
The IT manager there thanked me for my work this year on getting the majority of the issues ironed out!
DevOps Engineer and Security Champion. https://blog.pash.by - I am trying to find my writing style, so please bear with me.
Comments
-
RussS Member Posts: 2,068
Good stuff Pash
www.supercross.com
FIM website of the year 2007
-
Ahriakin Member Posts: 1,799
Excellent work
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
bertieb Member Posts: 1,031
Excellent work Pash.
It's always good to 'stop' a seasoned pen/security tester and get a glowing report, though I haven't yet had someone call the police about them
The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln
-
sprkymrk Member Posts: 4,884
Very nice, have a Caramel Mocha Latte on me! You just have to come to Charleston, SC, USA to get it.
All things are possible, only believe.
-
arwes Member Posts: 633
Awesome work man! We had a pen test done at the hospital I used to work for. I was doing night shift backup work and the guy was ping flooding our patient accounting servers! That was fun explaining to the ER why the servers were so slow.
Our nurses didn't react quite the same as your employees to social engineering. The guy threw on a suit, told them he was from the IT department and needed their computer for a second. He then printed out a few pages of patient info and gave it to our IT director. That was a wee bit embarrassing.
Shortly before we got bought out (and downsized), we were looking at proximity based authentication for our volunteers at the welcome area. They would go to the restroom and come back to find a visitor using their workstation. Not good.
Started WGU - BS IT:NDM on 1/1/13, finished 12/31/14
Working on: Waiting on the mailman to bring me a diploma
What's left: Graduation!
-
gojericho0 Member Posts: 1,059
great job...the only thing that would top that is if the guy was TAZED once the police arrived
-
dynamik Banned Posts: 12,312
That sounds like it was fun and exciting as well as being quite an accomplishment. Nice going!
I can't let Mark's generosity go unmatched, so I'm willing to donate $4 towards a plane ticket to SC
-
Pash Member Posts: 1,600
Thanks very much guys
This site is like a rock for me when I need to refresh my brain, ask or answer a question and have good laugh sometimes. Thanks.
-
snadam Member Posts: 2,234
that sounds like fun! AND you get praise! Congrats!
**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security