I made a post earlier about my concerns about people assuming hacking is limited mostly to exploiting software. The founder of the Metasploit project himself made it clear at the last Blackhat conference that “hacking is not about exploits. As many professional auditors know, only one or two real exploits may be used during a penetration test.” He mentioned that most of the time you are cracking passwords, exploiting trust relationships, etc…
At that same conference, the opening speaker, Richard Clarke (former chief counter-terrorism adviser to the US National Security Council), seemed to hold the opposite view. He seemed to feel that if we could get coders to write more secure software, all would be right with the world.
What concerns me is that someone new to security will simply download a copy of Backtrack, run autopwn against their network, fail to get a shell, and conclude that the network must be secure. This couldn’t be further from the truth.
There is a site I have started to recommend to those new to security. Most of us know about it, but I am not sure how many have actually gone there, downloaded the live CDs and hacked them. I am referring to the DE-ICE.net live pentest CDs.
This is such a great concept and I really support it for training those new to the field. Now, I have only downloaded the first two, and I will say any seasoned hacker can get through them quickly, but what I like is that you can’t exploit them to get root with Metasploit. You have to think like a hacker.
My understanding is that the scenarios were created from “real life” pentests the author of these CDs, Tom Wilhelm, encountered in the field. The entire concept of live pentest CDs has so much merit. You can easily boot them up and hack away. If you screw things up, just reboot. The very best thing about this project is that there is a challenge involved. That has always been the weak part of a home lab. Now, I am a big supporter of having a lab and have made a number of posts here about doing that. But the one weak aspect is that you already know whether it’s vulnerable or not when you set it up. Well, unless you are into exploit research, but most CEHs are not doing that and are simply practicing with their tools. Being great with tools is fine, but it doesn’t teach you how to solve puzzles, and that’s what hacking is all about. A live pentest CD, on the other hand, presents a puzzle for you to try to figure out. It teaches you how to “think” like a hacker and how to solve puzzles. This is, in my opinion, the most crucial quality to gain, and I really don’t care how well you know all the switches of nmap or whether you know Metasploit top to bottom, etc…
Yes, like anything, there are some shortcomings, and live CDs are not perfect. They don’t give the feel of a networked environment. You could rework them to be networked if you wished, but that’s not really what they are about anyway. There are not many available so far, and of course they are all presented in Linux, so you won’t be hacking Server 2003, but once you have the concepts down you could easily apply them to any OS.
If you do decide to take a stab at the CDs, please resist the temptation to look at the spoilers out there. There are even full video spoilers available, but using them would make as much sense as going to the answer page of a crossword puzzle before you even try to fill in the blanks! I doubt that will make you a better crossword player. Just to say it again, the value is not that you are going to learn some amazing new hacking technique, but that you can learn to solve puzzles and think like a hacker.
From what I gather, this is the same attribute that Muts is trying to instill in his course, and if you are going after that certification, it might benefit you to run through these CDs before you take the test. I really can only say good things about the concept, and I hope one day it will be expanded to include every level of challenge.
http://de-ice.net/index.php?name=News&file=article&sid=1