A lightly-moderated mailing list for the discussion of security issues

headers jf | 1 Nov 2007 07:04

must be on one of the .gov red teams ;]

On Wed, 31 Oct 2007, reepex wrote:

> Date: Wed, 31 Oct 2007 16:56:20 -0500
> From: reepex <reepex <at> gmail.com>
> To: Joshua Tagnore <joshua.tagnore <at> gmail.com>,
>     full-disclosure <at> lists.grok.org.uk
> Subject: Re: [Full-disclosure] Flash that simulates virus scan
>
> resulting to se in a pen test cuz you cant break any of the actual machines?
>
> lulz
>
> On 10/31/07, Joshua Tagnore <joshua.tagnore <at> gmail.com> wrote:
> > List,
> >
> >     Some time ago I remember that someone posted a PoC of a small site that
> > had a really nice looking flash animation that "performed a virus scan" and
> > after the "virus scan" was finished, the user was prompted for a "Download
> > virus fix?" question. After that, of course, a file is sent to the user and
> > he got infected with some malware. Right now I'm performing a penetration
> > test, and I would like to target some of the users of the corporate LAN, so
> > I think this approach is the best in order to penetrate to the LAN.
> >
> >     I searched google but failed to find the URL, could someone send it to
> > me ? Thanks!
> >
> > Cheers,
> > --

Mon	Tue	Wed	Thu	Fri	Sat	Sun

			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

108	May 2013
351	April 2013
292	March 2013
157	February 2013
276	January 2013
266	December 2012
223	November 2012
269	October 2012
207	September 2012
379	August 2012
385	July 2012
423	June 2012
319	May 2012
378	April 2012
378	March 2012
470	February 2012
602	January 2012
508	December 2011
461	November 2011
994	October 2011
403	September 2011
416	August 2011
366	July 2011
553	June 2011
552	May 2011
563	April 2011
437	March 2011
669	February 2011
582	January 2011
695	December 2010
369	November 2010
514	October 2010
418	September 2010
427	August 2010
407	July 2010
621	June 2010
405	May 2010
453	April 2010
564	March 2010
480	February 2010
614	January 2010
501	December 2009
366	November 2009
348	October 2009
473	September 2009
454	August 2009
552	July 2009
309	June 2009
281	May 2009
319	April 2009
458	March 2009
387	February 2009
979	January 2009
644	December 2008
732	November 2008
554	October 2008
625	September 2008
560	August 2008
592	July 2008
396	June 2008
666	May 2008
819	April 2008
603	March 2008
510	February 2008
609	January 2008
634	December 2007
593	November 2007
894	October 2007
688	September 2007
512	August 2007
662	July 2007
662	June 2007
568	May 2007
750	April 2007
576	March 2007
574	February 2007
589	January 2007
499	December 2006
536	November 2006
681	October 2006
573	September 2006
843	August 2006
781	July 2006
1044	June 2006
787	May 2006
895	April 2006
1821	March 2006
737	February 2006
988	January 2006
1539	December 2005
1056	November 2005
678	October 2005
894	September 2005
1057	August 2005
697	July 2005
432	June 2005
689	May 2005
660	April 2005
904	March 2005
662	February 2005
778	January 2005
766	December 2004
1347	November 2004
1121	October 2004
1052	September 2004
1261	August 2004
1310	July 2004
973	June 2004
1415	May 2004
1140	April 2004
1491	March 2004
1519	February 2004
1346	January 2004
774	December 2003
1129	November 2003
1794	October 2003
1779	September 2003
1953	August 2003
1265	July 2003
885	June 2003
420	May 2003
499	April 2003
300	March 2003
397	February 2003
510	January 2003
313	December 2002
458	November 2002
379	October 2002
672	September 2002
839	August 2002
183	July 2002
2	June 2002
3	April 2002
2	February 2002

Re: Flash that simulates virus scan

Re: spammer wades into US Presidential race

Re: Flash that simulates virus scan

Re: ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability

Re: ZDI-07-063: RealPlayer RA Field Size File Processing Heap Oveflow Vulnerability

Re: spammer wades into US Presidential race

Re: Flash that simulates virus scan

Re: Flash that simulates virus scan

an open letter to kevin bacon: hello, how's it going?

SEC Consult SA-20071101-0 :: Multiple Vulnerabilities in SonicWALL SSL-VPN Client