|
EH-Net
|
|
May 22, 2013, 01:57:33 PM
|
 Show Posts
|
|
Pages: 1 ... 6 7 [8]
|
|
107
|
Resources / Tutorials / Re: whats the best anti virus for clients
|
on: November 23, 2011, 09:08:26 AM
|
So what are the bad sides? I think the only bad sides I can think of are either bloated operations and lower success rates at detections. As I mentioned all AV products have sucked. Most of the newer products coming out are doing a much better job at keeping their footprint small. Currently my SEP instance is running under 30 MB (all processes). ESET at home runs about 20MB (just the AV). What happens is that people freak out and install 2-3 different anti-malware products that run at the same time (Anti-Virus, Anti-spyware, Firewall etc...). Most retail anti-virus products come with the whole package and include the ability to detect other malware besides viruses. The devs are really making sure that their product doesn't muck up the system.
I think alot of products get a bad rep due to users not properly cleaning out temp files and allow for heavy fragmentation to occur which makes the AV products work much harder.
Just my thoughts...
0. A false positive that removes a critical file, which has happened before... even fairly recently 1. AV software could have its own vulnerabilities... some have been discovered before 2. People who don't know any better and have WAY too much confidence in AV software's detection rate 3. People who think AV software is all they need to protect themselves from malware 4. AV software can remove important evidence (e.g. remove malware, fix configuration, changes atime on files) and leave an investigator with nothing but a "generic trojan found" to go on. But yeah, AV software may have problems, but it's usually the average person's only form of detection. |
|
|
|
|
111
|
Features / Book Reviews / Re: Coding for penetration tester:Building better tools and..
|
on: November 21, 2011, 08:59:19 AM
|
|
I didn't read it, but looking at the table of contents it seems over half the book is just being used as an intro to various scripting languages. There are plenty of other books and resources that cover how to program in whatever language, I wish it chose a specific language like Python and explained how to use it for pentesting.
|
|
|
|
|
115
|
Features / Skillz / Re: What happened to the challenges?
|
on: November 18, 2011, 01:48:33 PM
|
eth3real you mean hacker challenges like CTF etc? I am currently building up a 'pentest network' which will hopefully allow people to VPN and do it in a safe environment  That sounds awesome. Are people going to be able to use it for free? Keep in mind not only would that be useful to penetration testers, but I'm sure it would really help those in forensics if you posted a torrent of the virtual machines and/or communication after the attacks for people to analyze. |
|
|
|
|
117
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Virtualbox images for us to secure/hack/analyze?
|
on: November 15, 2011, 02:08:58 PM
|
|
Thanks, I forgot about DVL. I'll check it out!
My focus isn't really on hacking though, it's more on analyzing attacks. I think people would learn more about pentesting by attacking boxes someone else secured, and forensic analysts would learn more about attacks that someone else did, etc.
So if someone created an Linux Virutalbox image and secured it, gave it to a pentester to hack it, who then gave it to a forensic analysts to analyze it the whole forum could benefit rather than someone like me who's into forensics trying to play a hacker and investigate what happened when they already know all the answers.
If no one wants to secure an image and leave a vulnerability or two, would someone be interested in hacking DVL/Metasploitable and posting the Virtualbox image and tcpdump log for the forensic forum to analyze and share the evidence of the attack?
|
|
|
|
|
118
|
Ethical Hacking Discussions and Related Certifications / General Certification / Virtualbox images for us to secure/hack/analyze?
|
on: November 15, 2011, 07:41:20 AM
|
|
I was thinking it could be fun if we had someone studying for something like GCUX secure an Ubuntu Virtualbox image while leaving a vulnerability or two, then post a torrent of the image somewhere for the Network Pen Testing forum. Then people could practice hacking it, and someone could post a new torrent of the image/network traffic for people in the Forensic forum to analyze. They could analyze it and post the malware for the people in the Malware forum to analyze.
Is anyone interested in this? If so, I'm more of a forensic guy so is there anyone who would want to kick this off? If no one wants to secure an image, I supposed we could use metasploitable...
|
|
|
|
|
Loading...
|
Network Pen Testing : AIX Vulnerability Assessments
