Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.






Lost Password?
No account yet? Register
Who's Online
We have 18 guests online
EH-Net Donations

Enter Amount:
$

Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations





 
Advertisement

You are here: Home arrow Forum
Ethical Hacker Community Forums
January 09, 2009, 07:01:14 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf. www.chicagocon.com
 
  Home Help Calendar Login Register  
  Show Posts
Pages: [1]
1  Resources / Career Central / Re: entry-level or intermediate on: September 04, 2008, 09:56:15 PM
I wouldn't hesitate to look for intermediate-level security positions.  It would be beneficial if you had additional certs to get past HR filtering, but if you look for smaller companies you can often get past that - large  companies are a completely different beast.

The 6 years of experience doing IDS is enough to qualify you for something other than entry-level slots, even if it was part time.  Getting into a Sr. position is much tougher, though... just keep that in mind and keep improving your skill set.  Also, load up on HR fodder (disclaimer:  I don't think certs prove anything, but it does get interviews, whether people like to admit it or not... so just bite the bullet and get the certs).
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 03:53:42 PM
Quote
I still fail to see why you would want to add an administrative overhead to an environment and I highly doubt that there is value to be gained by managing a switch or device using netcat over telnet.  

I would rather use the best tool for the job, and if that means going through hoops, so be it.

Quote
When would I need to process raw traffic using netcat in the context of this discussion? I though the idea was to replace telnet using netcat?

Telnet has a nasty habit of intercepting characters it considers to be commands intended for the telnet application, thus corrupting the data stream.  Also, it will inject data into the stream as well.  With netcat, none of this happens - what you see is unadulterated.

When dealing with a switch, you won't see much difference using telnet over netcat.  However, once you proceed pass simple shell account access activities, netcat really shines.  As to the use of netcat within the context of this topic, I did state outright that the use of netcat was a tangent to this discussion.  Sorry if you thought I implied it was related to the discussion... my bad.

Quote
The only thing in this case that netcat may be better for is wrapping in a script and at that point you'd be better off in cleaning up your environment and using ssh.

If all we're talking about is shell access, than I will definitely fall back to the original argument that ssh should be implemented.
3  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 03:36:19 PM
Symantec puts a lot of our tools on the auto-quarentine list. I had all kinds of problems with getting Cain & Able on more work computer.
Yeah, so did I - my solution was to use a VM to get around the AV.
4  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 03:10:27 PM
The argument that a person should use netcat over telnet or ftp is absurd. Think AV. Most will flag and quarantine it.

As geekyone posted, netcat can be excluded from anti-virus rules.  Plus, I think symantec is the only av company that's put it on it's default quarantine list (I may be wrong on that one).

The argument still stands, though, that netcat is a better tool than telnet, especially with the ability to process raw traffic.
5  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 02:35:06 PM
...there are certain limitation using netcat (shell) over telnet (terminal).

I'm curious what you see as the advantages telnet have over netcat.
6  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 11:29:33 AM
FTP itself may or may not be a threat, depending on the contents of the FTP files and exploitability of the FTP app from within.  You can also set up FTP to be anonymous, in which case this argument is dead.

Telnet itself isn't necessarily a threat - it's the use of telnet to log into a system (ok, technically, it's the transmittal of username and password in cleartext, but you get the idea).  If you intend to allow remote logins, you might as well dictate in the corporate policy that ssh be used.  And if you go that route, you might as well require putty to be used for file transfers.

FTP and telnet (for logging in) are obsolete protocols in 90% of the cases today, and the alternatives are certainly not difficult to implement.  Also, on a tangent, I am baffled why people continue to use telnet in the first place - netcat is much more powerful, and doesn't have the problem of data manipulation that telnet has (...steps off soap box).
7  Ethical Hacking Discussions and Related Certifications / Other / Re: Chrome - Google Enters the Browser Wars on: September 04, 2008, 10:05:53 AM
I see the incognito mode invaluable on public systems, especially schools, libraries, etc.  It may not do much for privacy across the network, but when someone is done at a public terminal, they'll feel a lot more secure walking away from an incognito session than what happens currently.
8  Ethical Hacking Discussions and Related Certifications / Other / Re: Chrome - Google Enters the Browser Wars on: September 03, 2008, 04:48:23 PM
The Chrome EULA is being changed:

http://www.mattcutts.com/blog/google-chrome-license-agreement/

9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: So you want to learn hacking? on: August 28, 2008, 06:22:50 PM
Welcome Grendel,

Thanks for reaching out and giving Kev a pat on the back. He does good work and deserves recognition. Please let us know when the next one is ready, and we will be sure to plug it.

Looking forward to seeing more of you on EH-Net?  Wink

All the best,
Don

Strange that I haven't bumped into this site before - Kev's post hit google, which is how I found it.  I'll definitely be around, and will certainly keep everyone up on the latest pentest livecd releases.

- Tom W.
10  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: So you want to learn hacking? on: August 28, 2008, 10:01:43 AM
Kev -

I'm the guy behind the de-ice.net pentest disks, and wanted to thank you for the well-written post and kudos.  It's good to see some people are starting to realize pentesting is so much more than simple vulnerability tests; but obviously there is a lot more work that needs to be done to educate the masses (especially those with a "C" in front of their title or a lot of metal on their shoulders).

I caught that you tried the first two disks, and will agree with you that they can be plowed through pretty quickly by any seasoned pro.  However, you should give the lvl 2 disk a shot - quite a bit more difficult.  Wink  We do have a lvl 3 disk in development, but again it will not include known exploits (serious emphasis on "known").  That should be out right around the holiday season (we all need a distraction around that time of year, especially when in-laws are in town, eh?).

Again, thanks for the kudos, and please don't hesitate to contact me with any suggestions / comments / war stories.

- Tom W.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
Valid XHTML 1.0! Valid CSS!
Page created in 0.062 seconds with 22 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net


Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.