Re: Using viruses in pen-test

From: David Swafford (dswafford@alterhighschool.org)
Date: Wed Oct 11 2006 - 17:13:18 EDT


I wonder if there is some type of "fake" virus you could use in this case. I know in a pen test you are hired to do the job asked, but I would hate for you to have to face your client after a "pen test gone bad" kind of situation where something backfired leaving the whole network in shambles from a massive virus outbreak. Clients sometimes don't always understand what they are truly asking (ie. the impact it might cause). I'm not sure how skilled you are at writing code but the option of writing a new virus which simulated something dangerous (but didn't actually damage anything valuable) might be a way to test to see if the anti-virus software doing its job on the "zero day" part (based on heuristic scanning).

David.

____________________________________________________
 
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
 
EC-Council Certified Ethical Hacker
 
A Cisco Systems, Inc., Certified Network Associate (CCNA)
and a CompTIA Network+ and Security+ Certified Professional

>>> "neo anderson" <amol.netsec@gmail.com> 10/11/2006 3:08 am >>>
Hi List,
I wish to know your views on "Using viruses in pen-test"I
I've been working in the infosec domain for over 2 years with a couple
of infosec certs including CEH and conducting pen-tests for my clients
for about a year.

My recent client has hired me for carrying out "every possible" type
of pen test.
This includes testing organizations defence mechanism against viruses
as well, this includes to test whether anti-virus administrators have
up-to-date virus definitions etc. I'm supposed to gather this
information by means of thorough penetration tests only.

As we all are aware that how the viruses (worms/trojans included)
enter into the corporate network propagate over LAN. There are many
ways like email attachments or infected content brought in by
employee.It spreads on itself thereafter.

Now my question:

Is there any standard procedure to test the posture of organizations
network security against potential virus threats? I mean i wish to
know about pen-test carried out against Antivirus-product. In order to
replicate itself, a virus must be permitted to execute code and/or
write to memory. Thus this pen-test should also tests that.
And do I need to use some known viruses for this kind of pen-test?

Have your thoughts on this topic please.
Thanking you all.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

_____________________________________
Note: this message has been scanned for viruses and mal-ware prior to leaving the Archbishop Alter High School Information Technology Network. Please report all possible solicitation and infected messages to abuse@alterhighschool.org, Thank you.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:10 EDT