I scared my corporate users a few years ago just talking about botnets. A simple demo should do the trick. I'm planning on doing one myself soon for my company too. They still talk about that presentation. Jeremy Pommerening Giac GCFA GPEN GAWN GCFW MCSE Win2k NT4
Sent from Blackberry DISCLAIMER: This message is being sent from a portable device. This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc. ________________________________ From: [email protected] <[email protected]> To: PaulDotCom Security Weekly Mailing List <[email protected]> Sent: Wed Sep 08 15:59:43 2010 Subject: [Pauldotcom] Presentation Advice I'm giving a security presentation to a room full of non IT folks in a few weeks. The point I want to drive home is that simply having AV and a Firewall doesn't make you bulletproof. There is a big gap between what the bad guys can do and what modern security apps can stop or catch. I think one way to help bridge this gap would be to raise user awareness and to get users thinking about security issues. I believe most users think that with AV/Firewall and not clicking on links, they're safe. I was planning on doing a live demo (crossing fingers) to make this point. I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a client machine and then demonstrate some MITM attacks. I'll also throw in some SET to have some meterpreter fun. Password stealing, key logging, sound recording etc... I know I cant get too technical and if I do, I'll loose the group. I think this demo would get their attention but was wondering if anyone has done this before and if so, what did you do? Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for the delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
