The Ethical Hacker Network - Latest posts of: m0wgli

Latest Additions

EH-Net Login

Welcome Guest.

No account yet? Register

Who's Online
We have 173 guests and 2 members online

Advertisement

You are here: Home

EH-Net

May 18, 2013, 11:00:17 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: Go back to The Ethical Hacker Network Online Magazine Home Page

Home

Help

Calendar

Login

Register

Show Posts
Pages: 1 ... 12 13 [14] 15 16 17

196	Ethical Hacking Discussions and Related Certifications / General Certification / Re: OSWP Exam	on: August 30, 2012, 05:33:52 AM
The course has been updated since I did it, so I can't comment on the new material. I'd agree with all the the other comments made so far. At the time I read the following book to expand on the material whilst doing the course and found it useful: http://www.amazon.com/Hacking-Exposed-Wireless-Second-Edition/dp/0071666613/ref=dp_ob_title_bk Another book I've heard good things about but haven't read yet is: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/ref=sr_1_1?s=books&ie=UTF8&qid=1346322592&sr=1-1&keywords=wireless+backtrack

197	Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Learning lock picking	on: August 29, 2012, 02:43:25 AM
Thanks for the advice on the cutaway's, I'll make sure to follow it.

198	Ethical Hacking Discussions and Related Certifications / Other / Re: Boot Problem	on: August 29, 2012, 02:35:45 AM
Your external HD isn't formatted as NTFS is it? http://forums.debian.net/viewtopic.php?f=17&t=78095

199	Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Learning lock picking	on: August 28, 2012, 01:35:49 PM
Thanks for the replies everyone. @rance I've managed to find a monthly lock picking meet at a hackspace not too far away.

200	Ethical Hacking Discussions and Related Certifications / Physical Security / Learning lock picking	on: August 27, 2012, 05:21:57 PM
I would appreciate some advice on learning the fundamental basics of lock picking. From what I've read the following books seem like they may be a good resource for me to start with: http://www.amazon.com/Practical-Lock-Picking-Physical-Penetration/dp/1597496111/ref=sr_1_1?ie=UTF8&qid=1346095105&sr=8-1&keywords=lock+picking http://www.amazon.com/Visual-Guide-Lock-Picking-Third/dp/0970978863/ref=sr_1_1?s=books&ie=UTF8&qid=1346096850&sr=1-1&keywords=visual+guide+to+lock Are these good choices or are there better alternatives? Also, any recommendation's for practice locks and pick sets for a beginner would be greatly appreciated.

201	Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Anyone know anything about locks ?	on: August 27, 2012, 02:07:07 PM
Quote from: Jamie.R on August 27, 2012, 06:08:39 AM I would assume that all TSA staff go thought some sort background checks too. When conducting a background check, it would appear to be worth while waiting for the result before employing someone: http://www.huffingtonpost.com/2012/04/26/tsa-agents-background-checks_n_1456849.html http://www.infowars.com/congresswoman-tsa-hiring-pedophiles-to-conduct-pat-downs/

202	Ethical Hacking Discussions and Related Certifications / Physical Security / Re: Anyone know anything about locks ?	on: August 26, 2012, 04:25:49 PM
Quote from: DataDwarf on August 26, 2012, 11:28:05 AM Just a note if you are traveling by air in the USA the TSA only allows you to use certain approved locks; http://www.tsa.gov/travelers/airtravel/assistant/locks.shtm After the post by chrisj about his friend having his padlocks cut by the TSA, my initial thought was WTF. However, some quick research into the TSA revealed that this is common practice. I also came across the information about approved locks you posted. Whilst looking into this further, I was surprised about the number of people complaining about using TSA approved locks and still having them cut.

203	Resources / Tutorials / Re: Scapy Guide	on: August 25, 2012, 02:33:35 PM
Thanks for taking the time to write the guide. I've used Scapy before, although quite some time ago, and still found it useful. I thought I'd take a quick look at your guide, well that quick look ended up being three hours of me messing about with Scapy! I've added your guide to my bookmarks and hope you get the oppurtunity to update it once you finish the OSCP (Good Luck!). I already had these links for Scapy under my bookmarks, but your's is a welcome addition: http://www.ouah.org/blackmagic.txt http://thesprawl.org/research/scapy/ http://www.scs.ryerson.ca/~zereneh/cn8001/CN8001-PacketCraftingUsingScapy-WilliamZereneh.pdf Once again, thanks for taking the time to write it and share it.

204	Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: SecurityTube Python Scripting Expert (SPSE)	on: August 24, 2012, 02:50:47 AM
Quote from: Cyber.spirit on August 24, 2012, 02:43:26 AM i think its better to learn perl then python its my idea. Anyway securitytube.net is always great Could you please explain why you believe it's better to learn Perl over Python? I'd be interested to know. From what I've read on the forums the general consensus would suggest that Python would be the better choice.

205	Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: C\|EH Core Concepts	on: August 24, 2012, 02:41:07 AM
Quote from: Cyber.spirit on August 24, 2012, 02:26:08 AM C\|EH is a great certificate (much better than sec+!) but it will never make u a real hacker. C\|EH and Security + aren't comparable. Security + focuses on the theory and concepts of security in general. C\|EH focuses on tools and attack methodology. They are both trying to achieve different objectives.

206	Ethical Hacking Discussions and Related Certifications / OSCP - Offensive Security Certified Professional / Re: Finally took the plunge, started 08/05/12	on: August 23, 2012, 08:44:29 AM
Quote from: sh4d0wmanPP on August 23, 2012, 03:34:55 AM @hayabusa would you mind telling some about the OSCE track? As I understand it this track is mostly about advanced exploit development techniques but that is all I can find. There is also a review on here for it: http://www.ethicalhacker.net/content/view/342/24/

207	Ethical Hacking Discussions and Related Certifications / Web Applications / Re: DOS bug I found	on: August 22, 2012, 12:09:45 PM
Quote from: sternone on August 22, 2012, 11:33:09 AM Quote from: Jamie.R on August 22, 2012, 11:24:48 AM sternone I don’t think we confusing them I just trying point out that it sometimes hard to decide between the two. Even if you look this post some people said it’s a type of DOS some said no way so there is a lot of confusing around it. Wikipedia says "In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users" So by purchasing the entire shop when you have no intention to pay for them are you not in a way making resources unavailable to its intended users? If you stop your friends from having access to his phone by entering the pin so many times wrong are you not denying him access to his machine? I just trying say that it sometimes hard to identify if an issue is a DOS, Logical or any other type of flaw. No you are not. Wikipedia is very correct, they are talking about having the servers or networks being not responding. If you use a bug to lock up a certain function of the program in this case ordering a product for a certain period that is not making the servers or the network unresponsive. I'm done with this discussion, you can have it all, sure, all bugs are 'denial of service' and hey, even if we programmed it so you get locked out for a certain period well then its a 'denial of service' also. Yeah right. there is hope in this industry for me after all, if I need to compete with you guys... Sigh... I wouldn't entirely rely on Wikipedia for a source of information if at all. They are discussing DoS at the network layer, DoS can also occur at the application layer. With regard to abusing the account lockout process to cause a DoS, heres a couple of links that I suggest you read: http://projects.webappsec.org/w/page/13246921/Denial%20of%20Service https://www.owasp.org/index.php/Denial_of_Service http://technet.microsoft.com/en-us/library/cc737614%28v=ws.10%29.aspx

208	Ethical Hacking Discussions and Related Certifications / Web Applications / Re: DOS bug I found	on: August 22, 2012, 10:17:43 AM
I believe the distinction between the two is that the DoS condition you refer to in the reserve and collect function is a consequence of the applications flawed functionality/logic. It is this flaw that is the underlying issue and is therefore the issue that should be reported. If the functionality was implemented correctly it couldn't be abused to cause the situation you describe. The account lockout functionality isn't flawed as it is functioning as intended, i.e. reacting to incorrect logins. It is the abuse of it's intended function resulting in a DoS, that would be the issue.

209	Ethical Hacking Discussions and Related Certifications / Web Applications / Re: DOS bug I found	on: August 22, 2012, 08:29:31 AM
Quote from: Jamie.R on August 22, 2012, 07:55:51 AM An intresting question would be if you have a phone that has a lock feature on it and your friend decides to play a game. He enters your pin wrong 3 times this then lock the phone for 1 min. He then does it again 3 more times and lock the phone for 10 min. He then keeps on doing this until the phone is locked for 60min. Would you say that was a DOS ? as mentioned above you not really using resources up like ram, HDD or the processor. you are just locking him out of his phone and stoping him from using the phone for 1 hour. Personally, I would consider this a clearcut DoS through abuse of the account lockout functionality.

210	Ethical Hacking Discussions and Related Certifications / Web Applications / Re: DOS bug I found	on: August 22, 2012, 07:23:38 AM
Quote from: sternone on August 22, 2012, 06:58:37 AM How is Amazon doing it ? I'm not sure. As far as I'm aware Amazon don't offer reserve and collect as they don't have retail premises. My experience of the reserve and collect process is based off of how major UK retailers such as Argos and PC World are doing it. The item is removed from stock until the end of the next business day without requiring payment. Quote from: Jamie.R on August 22, 2012, 07:00:36 AM The item was reported to the client as DOS bug. I am not sure what the recommendation was to the client, as I did not finish the report or was in the call to the client. I think the client was made aware of it was enought for them. I mean from the feedback the client gave the bug had been in the application for well over 10 years. I am not sure how Amazon are doing it but I would say most companies that are using the same methods. Jamie, thanks for the information.

Pages: 1 ... 12 13 [14] 15 16 17

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com

Page created in 0.089 seconds with 21 queries.

Exclusive Deal

SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format! Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013

Polls

Compared to this year, 2013 will be:

	Great!
	Better.
	About the same.
	Little worse.
	FUBAR!

Recent Forum Topics

EH-Net News Feeds
Latest Additions

Privacy Notice
for TDCC & All Properties

Advertisement

© 2013 The Ethical Hacker Network

Joomla! is Free Software released under the GNU/GPL License.