Anyone else having weird issues with the forum/site in general? I am no longer to access my PM inbox, it's just empty space. I could see the last page of messages but couldn't go back. I deleted them thinking that would fix it but no such luck. I've also noticed I'm unable to access some posts as well (same thing, just white space).

Don - is this related to changes in the hosting environment or just random stuff going on?

Hi all,

I'm interested in potential opportunities that anyone may know of, specifically looking to stay close to home - SE Michigan, but not Detroit ;-)

Quick background...

Been messing with computers now for almost 12 years. Started out like some people (a little late) as a teenager with an interest in tinkering, learning to build them, and fix them. Got interested in the whole "hacking" aspect pretty quick due to a "death threat" email from then girlfriends' ex-boyfriend. Came across this cool site called 'CyberArmy.' They had a bunch of challenges and you could increase your rank by passing them. Finally caught a break about 10 years ago and entered the IT space professionally.

Since then I've bounced around from the payment card industry, to non-profit, to defense contracting, and now to consulting. I've had a variety of positions from helpdesk technician, network administrator, system administrator, information assurance officer, and now sr. associate/consultant.

My current position is with one of the large, professional firms. I primarily perform technical security assessments but also do policy and procedures reviews, controls reviews and assessments, and lots of documentation.

I'm looking for something close with little-to-no travel required.

Any other questions feel free to ask. Feel free to PM or, due to changes coming, Base64 Decode my email below.

Thanks!
BillV
e: d3ZAbWkucnIuY29t

Burp is great and you can't go wrong with the price.

Some additional options (both free):

w3af - Web Application Attack and Audit Framework

arachni - Web Application Security Scanner Framework

Congrats on passing! I honestly don't remember as it was too long ago. A couple hours I'm sure. Just like you, I know I didn't feel rushed and I had plenty of time for review as well.

Check with an insurance person. As mentioned, you need liability and errors/omissions coverage. They're usually aware of "technology" packages. I'm sure price varies by location. Here it was about $1500/year I believe.

As for resources, I'm not really aware of any. I can't share company documents but I can try and answer any specific questions you might have (as can others here I'm sure).

1) Onboard with changes? Certainly
2) Use of PMs? Every now and then
3) Blogging? It's a good idea, will help expand content
4) Test? Sure
5) Moderate? Sure
6) Develop? Well since there weren't many other replies for this one guess I'll raise my hand. It's been a while since I messed with Joomla but if you need some custom modules built or modifications made to underlying code I'm sure I can help
7) OpenID? Impartial but I think it could be useful

Oh and, of course, we all appreciate your work and efforts in building this community, Don. Great job over the years! Glad to be here and happy to help out where possible.

Same as each of those guys above have said, lots of it. Couple more...

- We commonly see default DRAC credentials in larger environments.
- Default SNMP strings (public and private)
- Open network shares with sensitive information
- Unauthenticated VNC
- Insecure protocols (clear text... telnet, ftp, r stuff)

That's funny, I was also on a recent engagement with a similar issue. The client was running SEP with various features enabled. I could get my payload on but the network detection piece would block me each time, and I thought I did try reverse_https as well as others with no luck. I already had credentials at this point so ended up modifying gsecdump and WCE and just used psexec to maneuver around and obtain more credentials Worked perfectly.

Nice write-up though, thanks. I'm going to take a closer look at this and do some playing around later.

Yeah, there's not much out there regarding Warvox.

I recommend bypassing the whole Asterisk thing and using RapidVox as the provider (link).

You will put their server name in the IAX2 server name box, and your login credentials in the appropriate fields.

He's referencing the official courseware material.

As stated, you'll find plenty of information regarding your questions on the site if you use the search feature or google.

I have not taken CEH training through InfoSec Institute (if that is who you are referring to). We used ISI for some internal training last year. I sat in the CISSP class and the instructor was great - making that stuff as enjoyable as it possibly could be. Many colleagues took an "ethical hacking / penetration testing" class that was supposed to prepare them for C|EH and others. To the best of my knowledge, none of them have taken any of the exams because they don't feel the course prepared them for anything. This is largely due to the instructor so ymmv.

Excellent job! Congrats!

Also from the Detroit/SE Michigan area.

A bit delayed :-) Hope everyone had a Merry Christmas and Happy Holidays, and a great New Years!

Update for anyone looking for information on using warvox (since there's not much out there), another good provider to select is Rapidvox as they allow direct connections from warvox. No additional asterisk or anything provided. Sign up for an account, enter credentials into warvox, and away you go.