The Ethical Hacker Network - Latest posts of: m0wgli

Latest Additions

EH-Net Login

Welcome Guest.

No account yet? Register

Who's Online
We have 30 guests online

Advertisement

You are here: Home

EH-Net

May 22, 2013, 07:42:29 PM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: Go back to The Ethical Hacker Network Online Magazine Home Page

Home

Help

Calendar

Login

Register

Show Posts
Pages: 1 ... 9 10 [11] 12 13 ... 17

151	Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie	on: September 28, 2012, 02:32:59 PM
Just something to keep in mind for the future. You've probably seen this already, but SecurityMonkey posted that a new Python book is coming out soon. Violent Python:A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers. http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9303.msg52182/topicseen,1/#new Looks like it could be a good read.

152	Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Two weeks in.	on: September 28, 2012, 04:32:06 AM
@catalyst256 & @superkojiman: Thanks for the replies.

153	Ethical Hacking Discussions and Related Certifications / Other / Re: PIN/Password number analysis	on: September 28, 2012, 04:26:04 AM
Thanks for the recommendation. I actually caught Paco's presentation at B-Sides London: http://www.youtube.com/watch?v=Uc5nG1LAo0A Paco kindly offered to do his talk when Kizz MyAnthia went AWOL for his Mapping The Penetration Tester's Mind: 0 to Root in 60 Minutes talk.

154	Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: OSCP - Two weeks in.	on: September 27, 2012, 04:05:41 PM
I've been following your blog for a while, and have been enjoying your OSCP updates. I've also read your Scapy guide and found it really useful, looking forward to the special B-Sides London 2013 edition. Good luck! @catalyst256 & @superkojiman: I'd be interested to hear a guestimate as to how many hours you invested over the 90 day's (@catalyst256 I appreciate you still have 30 to go) and a rough idea of how this broke down. @superkojiman: I took a look at your blog too, you should update your profile to include it. Some good posts on there!

155	Ethical Hacking Discussions and Related Certifications / Other / PIN/Password number analysis	on: September 26, 2012, 04:33:27 PM
Following a joke tweet I saw earlier in the week that “All credit card PIN numbers in the World leaked”, it got me thinking about how people actually choose PIN numbers/Passwords. Whilst looking into this I came across the following article PIN number analysis: http://www.datagenetics.com/blog/september32012/index.html Based on a 4 digit PIN there are 10,000 choices, yet from a sample of 3.4 million 4 digit passwords nearly 11% were the password 1234. From a table of the top twenty passwords found: Quote A staggering 26.83% of all passwords could be guessed by attempting these 20 combinations! (Statistically, with 10,000 possible combination, if passwords were uniformly randomly distributed, we would expect the these twenty passwords to account for just 0.2% of the total, not the 26.83% encountered) Although the article refers to PIN numbers the data was obtained from user passwords: Quote Given that users have a free choice for their password, if users select a four digit password to their online account, it’s not a stretch to use this as a proxy for four digit PIN codes Given human nature. I don't consider this an unreasonable assumption. Personally I found the distribution of user choices fascinating given the available choice.

156	Resources / News from the Outside World / Re: Just another reason to have unique passwords	on: September 26, 2012, 10:33:34 AM
Quote from: hayabusa on September 26, 2012, 07:50:56 AM Nothing like when a group, who OUGHT to know better, leaves a hole like this. Definitely continues toward making the case for unique passwords. Looks like the same could be said about password complexity. The most common password was 123456, followed by ieee2012. http://ieeelog.com/

157	Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie	on: September 26, 2012, 02:13:19 AM
Quote from: Andrew Waite on September 25, 2012, 05:40:57 PM Still looks (and sounds, from those I know working through it) to be well worth the price, but if there's a (legit) free avenue to the material I'd be a fool to part with my cash.... AFAIK the original intention was to dripfeed the SPSE course to those who didn't want to pay for it. However, this changed: Quote Community Edition of courses - We've decided that a community edition of the course will be released when the "next version" of the course will be launched. So, once we launch SPSE ver 2, we will make the course material for SPSE ver 1 (the current one) available to the community. This will ensure that our paid students have the latest version of the course will all the updates while the hobbyist has the slightly older version which still adds sufficient value to him. I know this may disappoint many of you, but as I've clarified earlier, without a steady stream of revenue the site would anyway soon be dead. I have only the following choices - charge for the courses and eventually make older versions available for free ... or stop creating any more content as the time commitment required is not possible. Source: http://blog.securitytube.net/2012/07/new-features-on-site-and-roadmap-ahead.html

158	Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Avoiding Pentest DOOM	on: September 24, 2012, 03:29:02 PM
Interesting read, thanks. With regards to report retention (subject to client requirements), I found the following advice from Andrew Waite useful: Quote From experience it can also be wise to hash and document any reports provided to clients, I've once been asked from senior management to justify a finding/recommendation that had been edited by an IT ream to support their business-political viewpoint. http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,9048.msg50675/#msg50675 Although this would be mitigated by the advice already mentioned, I feel it's worth mentioning for those that may not know. When using a VM any files moved between the guest and host are stored in a temporary location on the host that doesn't clean up after itself: http://pauldotcom.com/2012/08/penetration-testers-beware-vmw.html

159	Ethical Hacking Discussions and Related Certifications / Programming / Re: python newbie	on: September 23, 2012, 03:26:03 AM
Another free resource that has some good Python tutorials: http://thenewboston.org/list.php?cat=36

160	Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Streamline Burp Intruder attacks with Payload Processing Regex	on: September 22, 2012, 07:35:45 AM
Nice first post. I haven't really delved into the more advanced functions of Burp too much yet, but I tried out your technique earlier today and can really see the usefulness of it. Like MaXe says it's good to see someone talking about the more advanced functions of Burp, and any more posts like this would be most welcome. Also thanks for sharing your wordlists.

161	Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Keylogger	on: September 21, 2012, 02:48:58 PM
You weren't the only one. This happens from time to time as posts get bumped by spam. However, this doesn't take away the benefit of someone providing relevant updated information to the original question.

162	Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Keylogger	on: September 21, 2012, 02:33:30 PM
I'd hope that after 5 years from asking he has managed to find something that has met his requirements. Anyhow thanks for the information I found it useful.

163	Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Suplementing with samurai skills?	on: September 21, 2012, 01:46:43 PM
I'm sure hayabusa has his reasons for doing so, and it's up to him whether or not to make it public. However, the impression I'm left with is that "Saying nothing... sometimes says the most."

164	Resources / Tutorials / Re: Web mail or Email Client??	on: September 21, 2012, 08:04:23 AM
Quote Whats the meaning of pros / cons.? It's another way of saying for (pro) or against (con), or another way to look at it would be positive (pro) and negative (con).

165	Resources / Tutorials / Re: Why directory browsing is important?	on: September 21, 2012, 02:08:29 AM
You can also try and find hidden directories and content through brute force using tools such as dirbuster for example: https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

Pages: 1 ... 9 10 [11] 12 13 ... 17

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com

Page created in 0.083 seconds with 21 queries.

Exclusive Deal

SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format! Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013

Polls

Compared to this year, 2013 will be:

	Great!
	Better.
	About the same.
	Little worse.
	FUBAR!

Recent Forum Topics

EH-Net News Feeds
Latest Additions

Privacy Notice
for TDCC & All Properties

Advertisement

© 2013 The Ethical Hacker Network

Joomla! is Free Software released under the GNU/GPL License.