 |
| |
| |
|
Who's Online |
|
We have 33 guests and 1 member online |
|
EH-Net Donations |
|
|
| |
|
|
 |
You are here: Home Forum |
|
Ethical Hacker Community Forums
|
|
December 01, 2008, 04:28:42 PM
|
Show Posts
|
|
Pages: [1] 2 3 ... 21
|
|
1
|
Resources / News from the Outside World / Re: Would you trade your privacy for a smartphone?
|
on: Today at 04:27:17 AM
|
|
Ah, the old worm and hook routine. To be honest if I was a student I'd probably go for this since it's a pretty sweet toy to have if you're on a low budget. Right now I'd probably decline.
That said, how are they tracking the holder's usage and location? If they are not using anything over and above what's install on a regular smartphone who's to say we're not already being monitored in this fashion? The phorm debacle demonstrates we should not rely on the law or agreements with service providers that this kind of behaviour will not take place.
Jimbob
|
|
|
|
|
4
|
Resources / Tutorials / Re: problem with use MSF
|
on: November 27, 2008, 03:07:16 AM
|
|
Using nmap is not safe, most scan will send packets to the target IP address. What the remote system does with these packets is up to them but logging, port scan detection and other techniques may be used to identify the scan.
Jimbob
|
|
|
|
|
8
|
Ethical Hacking Discussions and Related Certifications / Forensics / Re: It's time to get that data back!
|
on: November 18, 2008, 10:59:55 AM
|
|
Hi, The first thing to do is stop any more writes happening to the disk. Power off the system so that no further data will be lost. Make an image of the disk and work on a copy so you don't risk losing any more data.
There are tools to recover deleted files. Check out The Sleuth Kit (TSK) and autopsy for a free way of examining file systems. A reinstall of the OS probably means that you've formatted the system volume, so this won't be a simple case of finding deleted files in the current file system. A data carving tool like foremost might be your best bet in recovering files.
Can you let us know the OS, file system type (before and after installation) and the type of files you are trying to recover?
Regards, Jimbob
|
|
|
|
|
9
|
Ethical Hacking Discussions and Related Certifications / Forensics / Working for the dark side
|
on: November 18, 2008, 05:48:15 AM
|
|
Hi, I've noticed a significant prejudice against computer forensic professionals who work for the defense. Some professional bodies will deny you admission if you have ever worked for a defendant and you may find a lot of other doors closed to you if you do this. Certain tools for example are only available to law enforcement.
I believe computer forensics to be an extension of forensic science. I also believe that justice cannot be served by making the forensic process a closed system not open to scrutiny. In science peer review is important to ensure the validity of the scientific process and it's conclusions.
Does this attitude exist, and if so does it hold back the progress of computer forensics?
Jimbob
|
|
|
|
|
10
|
Ethical Hacking Discussions and Related Certifications / Forensics / Gaining experience... first steps
|
on: November 18, 2008, 05:41:10 AM
|
|
Hi, Kind of an open question; how can all the good people gain some experience with computer forensics? I know there is a lot of good training material out there but how can you gain real world experience, particularly if you've no previous field experience or already have a part/full-time job?
Are there opportunities to gain work experience by volunteering with law enforcement or private companies? There are lots of people here who would be interested to share your experiences.
Jimbob
|
|
|
|
|
11
|
Ethical Hacking Discussions and Related Certifications / Forensics / Re: Data Recovery
|
on: November 17, 2008, 09:43:25 AM
|
One important point when it comes to discussing disposal of hard disks is the ever-present issue of risk. If you are a poor student and getting $50 for a used hard drive is big deal then destructive disposal seems a poor choice. If you're a multinational company then hit your old disks with a hammer. A big hammer. The student's solution would be to use something like Darik's Boot and Nuke. http://www.dban.org/Regardless of who is disposing of their old computers it's worth erasing the disks, even if the machine is going to be scrapped. I've seen plenty of scavengers trying to take dumped kit from refuse dumps and recycling centres. Jimbob
|
|
|
|
|
12
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: page action
|
on: November 17, 2008, 09:35:09 AM
|
|
Hi, I'm not certain that I understand your issue completely, so bear with me. Given your description what is currently happening goes something like this.
1. Your web page as a login form 2. The form makes a HTTP request to a script which you use for authentication 3. You want to defend against a form from another site calling this script
The situation you describe is like a phishing attack where a fake login page is used to harvest login credentials. There is not a lot you can do to prevent this scenario in the real world.
You could issue a session cookie and only allow requests to be processed if a valid cookie is found. A phishing site could easily send it's own HTTP request, get a valid session cookie and request authorization. Filtering on the HTTP referer header can easily be worked around since this header is sent by the client.
If you can be a bit more specific as to what you need to do then perhaps you'll get some other ideas thrown your way.
Regards, Jimbob
|
|
|
|
|
14
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: IP Address Block Enumeration
|
on: November 10, 2008, 08:29:19 AM
|
|
It may also be of use to enumerate any DNS hostnames you can find and see where they resolve to. This could help define the size of the network. You can start by trying reverse lookups of the IP addreses you think are in the network. Results for an unexpected domain might indicate you are beyond the network boundaries.
If you can do a zone transfer then check the addresses where the hostnames point to. Check out DNS records such as MX and NS. Using data from separate sources and queries can help build a better understanding and increase your confidence in the results.
Jimbob
|
|
|
|
|
15
|
Ethical Hacking Discussions and Related Certifications / Social Engineering / Re: Scammers
|
on: October 27, 2008, 01:15:30 PM
|
|
Hi BillV, In my experience what you'll get in response to this sort of solicitation is a fake PayPal receipt email. The scammer will then ask the goods shipped. Asking for the PayPal details is just a way to customise the email template they will send you in an attempt to con you.
Other modalities might include offering to overpay for the goods and asking you to forward the difference by western union. Fake or stolen cheques are sometimes used, but forged PayPal emails are by far the most common due to the ease of use.
Jimbob
|
|
|
|
|
Loading...
|
|
 |
|
| |
|
Sponsors |
|
|
|
Support EH-Net |
Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

Try CBT Nuggets Free!
|
|
| |
|
|