Information gathering with GPG/PGP keytrusts

Thursday, 1 January 2009, 1:38 PM EST

Often times during some of the initial phases of a pen test, I find myself needing some avenues for delivering client side attacks - with permission and within scope of course! Now, finding appropriate attacks can be a challenge, but to me a larger challenge is the social aspect. How can I convince someone to actually execute my attack? Having a little more information about the "victim" is helpful.

So, how can we obtain more information? How about some information that implies some level of familiarity, so that we can spoof names. How about some context? GPG/PGP Keytrust information can serve us well here!

At PaulDotCom.

[ Read more ]




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //