EH-Net
May 24, 2013, 02:35:35 AM

Show Posts

1
Resources / Career Central / Re: Advice
on: January 20, 2012, 02:17:22 PM

I agree... I would go for the Security+. Not a gold standard, but will certainly set you out from the field as a college recruit. As a bonus, you might learn something from studying for it.
If you buy 2 Sec+ books, download some free tools, get a few Linux and Windows VMs, you should have enough to get you prepared.

3
Ethical Hacking Discussions and Related Certifications / Incident Response / Re: My father is hacking me?!
on: October 09, 2010, 02:13:29 PM

I don't think a vulnerability scanner will help you in this instance. If he was a true "NSA cracker", it is likely the backdoor is sophisticated enough to avoid detection through common security software. Your best bet is to wipe the disk on the laptop completely (or find someone you trust to perform this if you are unsure how to). Reinstall the operating system, update and secure it (e.g. firewall, security software, disable unnecessary services, etc.). Then just communicate with your Dad via phone and pen/paper.
P.S. Why is the MS RAS (Remote Access Server) enabled? Do you use this functionality? It is typically not enabled by default.
P.P.S. Did he give you the laptop or at any time have physical access to it? If that is the case, I would put it on eBay if you are truly concerned about him "hacking" your laptop.

4
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Image files in Penetration testing
on: October 06, 2010, 09:54:44 PM

How do you know it accepts JPEGs? Can you do something like nefarious_script.jpeg.exe ? If you are authorized, try to upload several variants of files and proxy the application's response. Look for subtleties. It may be susceptible to parameter tampering. In PHP, it would be something like include $_REQUEST['filename']; If it's not validating your upload parameter, try some fuzzing; for example, /../../ or command injection.
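
A server-side check that would refuse the inputs named in the post above (a double extension, traversal sequences, injected shell characters), shown as an added example that is not part of the original post or of the application being tested. It is written in Python rather than PHP, and `UPLOAD_DIR`, `check_upload` and `storage_path` are hypothetical names.

```python
import os
import re
import secrets

UPLOAD_DIR = "/srv/app/uploads"   # assumed storage root (hypothetical)
ALLOWED_EXT = {".jpg", ".jpeg"}
JPEG_MAGIC = b"\xff\xd8\xff"      # JPEG start-of-image marker
# One base name, exactly one dot, one extension; no metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$")


def check_upload(client_name, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    # Separators, NUL or ".." in the name point to traversal or truncation.
    if any(c in client_name for c in ("/", "\\", "\x00")) or ".." in client_name:
        reasons.append("path characters in name")
    elif not SAFE_NAME.match(client_name):
        # Catches name.jpeg.exe as well as characters such as ; | ` $
        reasons.append("name is not a single base plus one extension")
    if os.path.splitext(client_name)[1].lower() not in ALLOWED_EXT:
        reasons.append("extension not allowed")
    # Minimum content check; re-encoding the image server-side is stronger.
    if not data.startswith(JPEG_MAGIC):
        reasons.append("content is not JPEG")
    return reasons


def storage_path(client_name, data):
    """Return a server-chosen path for an accepted upload, else raise."""
    reasons = check_upload(client_name, data)
    if reasons:
        raise ValueError("; ".join(reasons))
    # The client-supplied name never reaches the filesystem or an include.
    return os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ".jpg")


if __name__ == "__main__":
    # Constructed sample uploads, not taken from any real application.
    samples = [("holiday.jpeg", JPEG_MAGIC + b"\xe0"),
               ("nefarious_script.jpeg.exe", b"MZ\x90"),
               ("../../etc/passwd.jpg", JPEG_MAGIC),
               ("a.jpg;id", JPEG_MAGIC)]
    for name, body in samples:
        print(repr(name), "->", check_upload(name, body) or "accepted")
```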

10
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Which disclosure philosophy?
on: July 10, 2009, 11:35:18 PM

Disclosure to the vendor is noble; however, as you said, vendors may reply in a very angry and threatening manner. Personally, if identifying the vuln involved violating the EULA, I would not disclose it to the vendor. It wouldn't be worth the personal risk. One would also have to be careful of not violating other laws. Some the EFF mentioned:
- Computer Fraud and Abuse Act
- Anti-Circumvention Provisions of the DMCA
- Copyright law
If it seemed extremely important to disclose to the vendor (even in violation of the above), I would go to great lengths to remain anonymous. I'm not experienced in the exploit development scene anyway, so this is all hypothetical.

11
Resources / Tools / Re: Hacme Bank
on: July 10, 2009, 10:19:08 PM

Hey macdaddy, if you don't have much luck with setting up Hacme Bank, maybe give Altoro Mutual a try at demo.testfire.net. No configuration needed, but maybe you already pwned this one.