EH-Net
  Show Posts
46  EH-Net / Calendar Of Events / Re: DEF CON 20 on: July 11, 2012, 02:40:22 PM
rance, Shmoo was pretty awesome. I wasn't planning on doing the lockpicking competition until you asked me. I had to spend the next 30  minutes picking as many locks as possible because I had been out of practice. Tongue If ShmooCon prompted me to start a TOOOL chapter, what kind of craziness is DEFCON going to spawn?

Don, do we have EH Net shirts, yet? Tongue

I think we both did that "oh crap, gotta warm up!" thing... I've hardly had any time to practice the past month or so, might have a rough go of it at lockcon. I'm sure I'll be in my hotel room at night with some practice locks.  We have our meet tonight, so hopefully I can get some time with the tools this eve.

I'm afraid to think what's in store AFTER DefCon...  Grin
47  EH-Net / News Items and General Discussion About EH-Net / Re: Congratulations on your 1337th post, Hayabusa! on: July 11, 2012, 02:36:13 PM
guessing there's a ways to go before someone hits 31337... Smiley
48  Ethical Hacking Discussions and Related Certifications / Hardware / Re: New MacBook Pro on: July 06, 2012, 03:46:16 PM
Throw a SSD in a standard MBP, and it'll consistently outperform the MBP with Retina display, because so much processing power is used to drive the new display.

Since we still use wired networks, live CD's (at least two extra things you'd have to carry in your bag), etc, I wouldn't recommend the MBP w/ RD for any pen tester. Keep in mind that the RAM in the RD is soldered to the board (no upgrades) and the SSD is totally proprietary (unlikely/limited upgrades). If you want to upgrade in the future, standard MBP is the only way to go.

For reasons already mentioned, I love OSX as a pen testing platform. You get the power of *nix under the hood, which will compile a fair amount of software natively, you can go fink or macports for a wider selection of *nix utils, and of course you can run a VM for windows, BT, or any other x86 OS you might want to run.

Kind of the best of all the worlds, and (will this spark a firestorm?) IMHO OSX is infinitely more stable than windows, and that to me is worth something.
49  EH-Net / Calendar Of Events / Re: DEF CON 20 on: July 06, 2012, 02:41:59 PM
Holy moley, I'm alive!  Sad to say, but I've been sucked in by twitter (and mega busy). @revrance if anyone is interested... Blame Shmoocon.

Anyway, just thought I'd pop in to say I'll be in Vegas for DC. I got to meet Eth3real and tturner at Shmoo. Eth3real and I kind of joined forces for a picking competition at Shmoo, parted ways, both started local locksport chapters, and we plan to rule Black Bag at Defcon!

I'm also going to be at LockCon the week before, and Derby in Sept. Let's toast!
50  Ethical Hacking Discussions and Related Certifications / Other / Re: You... Shmoo? (Meet-up Thread) on: January 31, 2012, 11:11:51 AM
It was excellent, rance and I were an awesome team in the lockpicking competition. Grin

Hear hear!  Although I still feel like an ass for throwing away those time bonus points, but I hate losing to technology! Ya know what our biggest issue was though?  No EH.net t-shirts.  We would have been the team to beat if we had those.  Wink @ don

I also learned how to impression a key, here's the final result: http://www.youtube.com/watch?v=cd1aF75Jk4Q

Got to meet tturner as well. Many drinks were had!

If you haven't seen it yet, this was probably the most gasp-inspiring demo at the con (although, attacking proximity card access systems demo was very similar and frightening) http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/

Unfortunately, like defcon, waaaay too much to see and do, but what I got crammed in was definitely worth it.

Good to meet those that made it, see whoever at the next con!  (Notacon? Thotcon? Hmmmm... (as my credit card screams in pain)) Smiley
51  Ethical Hacking Discussions and Related Certifications / Other / Re: You... Shmoo? (Meet-up Thread) on: January 25, 2012, 05:46:43 PM
I have arrived! Smiley
52  Ethical Hacking Discussions and Related Certifications / Other / You... Shmoo? (Meet-up Thread) on: January 23, 2012, 10:07:00 AM
Who's going?  Anyone want to get together for a 'lil EH-net meetup?

I'm getting in to DC Wed afternoon, leaving Monday eve.  Hoping to do a bit of sightseeing on Thursday if the weather is nice (didn't get to do much during SANS).  Got a friend doing an 80's DJ night thing in Adams Morgan Thurs night I might wander over to...

So, meet at the hotel? Go out for some adult beverages?  I dunno, I'm not a party planner.  Smiley 
53  Ethical Hacking Discussions and Related Certifications / Mobile / Re: Any chance of an EH-Net mobile app? on: December 20, 2011, 09:53:45 AM
I think you just volunteered!  Grin
54  Ethical Hacking Discussions and Related Certifications / Hardware / Re: First Rack Suggestions/Help on: December 09, 2011, 09:04:54 PM
Nice!  Kinda makes me miss networking...   Cry
55  Resources / Career Central / Re: Good news! on: December 07, 2011, 11:56:56 AM
Congrats on the job offer!

If I may inquire, where did they "find" your resume?  I might like to be "found" sometime very soon.  Grin
56  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Please help me with PHP injection(Some command not working) on: December 07, 2011, 11:45:18 AM
Sometimes the feedback from the command you run doesn't display to the screen, but will be in your source code, so after injecting your command, do a "view source" and see what you see.

Also, in some cases, you need to kajigger the command to force the feedback to the "screen", as some commands "hang" the input, and it's never returned to the browser.  At the moment, I can't remember what you have to append to the command... I can look it up later though.
57  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: How to test if website is writable on: December 06, 2011, 10:54:32 AM
"Writable" is a pretty generic term and can be interpreted many different ways.  They could be referring to directories, or "writing" to your SQL DB if you have one, it may also be a file injection vuln.

What bothers me most is your comment that they did it "off their own back"... The way you originally wrote that, it seems to me that this "company" did a pen test on your site without your permission, knowledge or consent.  True?

If true, they found an issue, and are now saying "we found something on your site, but we won't tell you until you pay us something."  True again?

If true again, this would be known as extortion (maybe something lesser, but extortion is such a sexy word).  At this point, you might want to get some legal people involved.  If whoever this is had wholesome pure intentions, they'd tell you what the problem was and not demand money.  If they pen tested your site without consent, you should have full legal precedence to go after them.  You might want to start collecting logs ASAFP in case you wind up in the middle of some legal action.  (Of course, this doesn't solve your issue of finding out what the flaw is.  You may get that information from legal proceedings, or you may have to hire a legit pen tester to find it for you.  Or, you could just shell out the dough to whoever this is, but they may also be scamming you.  You pay them, then you never hear from them again, or they send you on a goose chase, and they get a nice pay day.)

If this is a company you hired to perform a pen test, a full report, including technical details on any flaws should be part of the package.  If you have to pay extra for data... you need someone that writes better engagement contracts.  Grin
58  Ethical Hacking Discussions and Related Certifications / General Certification / Re: Shmoocon 2012 - Call for CTF team members on: December 05, 2011, 11:53:54 AM
rance, sorry for hijacking your thread. Grin

No worries Smiley  If the CTF falls through, I'll probably be spending a lot of time in LPV myself.  And the CTF will only last the entire conf if our team sucks.  I say we get in there, finish all the challenges the first day, then move on... Smiley
59  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: I'm GWAPT, baby! on: December 05, 2011, 10:50:40 AM
Wow... thanks everyone for the kind words!  You're the bestest!  Smiley

Was your exam the 2-hour / 75-question version, or the older 4-hour / 150 question format?  I'm thinking of taking this course at the end of the year and I'm debating whether to do the exam or not.

How was the GWAPT exam compared to other GIAC ones?

2 hr/75 question.  My first GIAC exam, so I cannot give a comparison.
60  Ethical Hacking Discussions and Related Certifications / Web Applications / I'm GWAPT, baby! on: December 02, 2011, 11:32:47 AM
Tested yesterday.  It was harder than I thought, even with my books all tagged up.  You had your easy questions, then you had those that you could reference in the book, then there were numerous "logic" questions where you don't find a direct answer in the books.  Have to put all that knowledge together and actually come up with an answer.  The test engine screwed me out of three questions though.  Apparently, even if you have no answer selected, and your mouse isn't on the "submit" button... if, say, one of your books accidentally hits the enter key on the keyboard... whoosh, you're on to your next question.  Beware of that!

Anyway, definitely one of the more difficult exams I've taken, but I give them thumbs up on making a test that isn't just about memorizing tool and googleable questions.  Why isn't "--help" ever a valid answer on those tool questions? Smiley
© 2013 The Ethical Hacker Network