Sometimes life gives you lemons. An example would be that you’re working in a corporate environment for a failed infrastructure executive who is playing the CISO role. Now imagine if you will that your enterprise is STILL running IE6 and is taking its sweet ass time to remedy the situation. Need some home grown FUD to make your point?
Enter, the BeEF Project:
The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.
Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
If you get phrases like “its too expensive to upgrade”, “no one is targetting us”, or “we have all we need for the business unit to make its decision”. It’s time to quit. If that isn’t an option you’ll need to make your case. This framework is just the thing to help you demonstrate that point.
They’ve just rolled out a new and improved website. Please do check it out.
Great post but I can’t believe any reputable company would still be on IE6 😉
@securitymoey No “reputable” one 😉
I can assure you that many banks are still using IE6 and Win XP on all their workstations 🙂
@antisnatchor Oh, I know all too well. 🙂
the financial institute that I currently help support migrated to IE 8 within the last 6 months, the IT dept just started moving to Win7, and we are the first to go
“we have all we need for the business unit to make its decision†< I love this phrase. Really. Not just from a security point of view either, but hearing this as an excuse to not do basic maintenance because it is "risky"…
Makes you want to rent a woodchipper for cash and buy bleach at Costco some days… metaphorically speaking of course.
@Tadd Yes, metaphorically.