EH-Net
May 22, 2013, 06:57:01 AM
32
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Next Level Lab
on: September 10, 2012, 05:09:00 AM
I've used GNS3 in the past, with mixed success.
I can understand the desire to build a 'lifelike' lab, but from my own experience I found GNS3 a step too far, as I spent more time getting it running and configuring the network than I did actually utilising the lab. Of course this does get you some network admin exposure and skills so may not be entirely time wasted depending on your goals.
Once the system is running, most of your tools/attacks won't notice the difference if you're popping shells over BO/SQLi/etc, the network is just the transport mechanism.
Plus, as GNS3 still requires you to provide your own Cisco IOS image this may be a deal breaker depending on what Cisco kit you can get access to.
For my own lab, I stick with ESXi's network capabilities plus a virtual Vyatta appliance to handle routing/natting/etc. depending on the scenario I'm trying to work with, but mostly I just stick my attack platform and target on the same subnet and get on with it.
Also bear in mind, the De-ICE images (and some others) don't have a default gateway set. So if you're wanting to use them in a more complex environment you need to get full root access to change the network config to add them to your environment, before attacking them. Bit of a chicken and egg issue.
33
Resources / News from the Outside World / Data Breaches increasing 1000% in 5years?
on: August 30, 2012, 07:53:06 AM
The Register have just run a new article on a common theme; data breaches, intrusions, malware etc. are increasing *shock* *horror*. Apart from rolling my eyes when I see these kinds of articles as the kind of FUD that's used as link bait, I also often stop to think behind the stats: Are these incidents actually increasing? Are we as an industry just getting better at identifying these occurrences so we're now reporting issues that would have been missed previously? Are the topics just becoming more newsworthy so we're getting more newspaper inches? I'll be honest, I've got no answer to these questions, just a few gut feelings. Would be interested to know others' thoughts.
35
Ethical Hacking Discussions and Related Certifications / Other / Re: Your Other Reading List!
on: August 29, 2012, 06:59:09 AM
I'll add a few to the list, they're all a bit dated as I read most before I started Uni, but if you want to keep your mind active on tech subjects or broaden your professional horizon they're still good reads.
Where Wizards Stay Up Late: Origins of the Internet
Covers the development of the systems and protocols that would eventually become the Internet of today. If you don't know your Licklider's from your Postel's it's well worth adding to your library.
The Hacker ethic
Not necessarily the hackers of computer security, but covers those that think outside the box and work beyond the norm to do the unusual and 'supposedly' impossible.
Hackers and Painters
Covers the computerisation of everyday activities and the impact on our work and personal lives.
36
Resources / News from the Outside World / Re: Java Zero DAy exploit
on: August 29, 2012, 04:02:26 AM
Everything points to this being an interesting bug. Immunity have released a blog post indicating that there were actually two different 0-day bugs being exploited to achieve full compromise from the PoC:
"There are 2 different zero-day vulnerabilities used in this exploit: one is used to obtain a reference to the sun.awt.SunToolkit class and the other is used to invoke the public getField method on that class."
And it's already in Metasploit. Available here.
This bug may hang around for a while as there is evidence surfacing that the issue is reproducible in most JRE implementations.
38
Ethical Hacking Discussions and Related Certifications / General Certification / Re: 10 Year Systems Administrator wanting to get into Pen Testing
on: August 29, 2012, 02:17:49 AM
Hey Barcardi, welcome to the boards. Firstly, that's one hell of a list of certs on offer. I was like a kid in a candy store reading down your options. From my own perspective I'd look at GCIH to get a good grounding on the technical side followed by CISSP, although mostly to open HR doors in lieu of a degree. As cd1zz has mentioned, take a look at OSCP. It's not on your list, but it's a relatively cheap set of training and certification in comparison to the others. I used it as a jump off point from network/system administration that I had been doing for a few years into security. It gave me the technical information I needed, and I was also able to leverage the sysadmin skills I already had to complete several of the challenges (knowing the defaults on some of the target systems can really reduce some of the difficulty accessing unhardened systems). It might not be purely security, but given your background getting your MCSE/MCSE-sec certs shouldn't be too much of a challenge, would prove the skills and experience that you have and (hopefully) ensure that you remain employable for the years to come. Good luck with your A+ and Sec+ exams, and whatever you choose to follow them with.
39
Ethical Hacking Discussions and Related Certifications / Other / Re: Boot Problem
on: August 29, 2012, 02:07:03 AM
"No I didn't copy it over, I don't want to use that program."
Any reason for this? Unetbootin (or alternatives) are the right tool for this job. If you've just transferred the files to your external HD your files should be there, but your system may not know to boot from the external rather than local HDD. Is the boot order correct for what you're attempting? (dd will have the same issue.) Which Live OS are you using? (Assuming BackTrack given forum topic.) Without using unetbootin you can boot the iso, then use the install option, pointing the installer at the correct external HDD. (Make sure you pick the right option, making a mistake could hose your local system.) Hope this helps, but we'll likely need more info than you've provided to assist further if not.
41
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: SecurityTube Python Scripting Expert (SPSE)
on: August 24, 2012, 03:50:05 AM
"I think it's better to learn Perl than Python, it's my idea. [...]"
I'll counter that, much prefer Python, and from my experience I'd definitely question the thinking behind Perl being easier for a beginner. My reasoning is largely non-technical; I find some of Perl's idiosyncrasies a nightmare to get my head around, especially if I've not coded for a while and need to knock a quick script up. In comparison, as Python's syntax and formatting focuses on whitespace, most Python code looks and feels similar when trying to come back and update something later. I'm not a developer by any stretch of the imagination, but I can generally write code (badly) in any language. I'd suggest just picking a language that feels comfortable and starting there; if you need to change to a different language a lot of what you learn will be transferable (I started with VB and PHP, yuck). For a beginner I've been suggesting Python purely based on the additional support and guidance available through the securitytube resources.
42
Resources / Career Central / Re: Demand for Linux Skills on the Rise, Along With Wages
on: August 21, 2012, 05:00:49 AM
From the article:
Linux Systems Administrators
"Linux expertise isn’t enough any more. Now you’ll need experience with scripting languages, configuration management and virtualization software."
N.B. Emphasis mine... I could be going out on a limb here, but if you can't script, at least to a basic level, you're not a sysadmin?
As for the rest of the article:
- 'Sys admins are being outsourced' - to who? Someone's still doing the work
- Web design: 'DIY tools eliminating need for experts' - really? (although this does explain a lot of the cruft...)
- Datacenter specialists: This is my bread and butter, no let-up in demand here from the trenches
- Repair technicians - True from an end user device perspective, but let's see you replace a blade-centre/SAN/etc. for less than the repair costs...
Who writes this junk?
43
Resources / Links to cool sites. / Re: HackArmoury (Tool repository)
on: August 21, 2012, 04:50:36 AM
I came across hackarmoury for the first time a few weeks ago. I think it's got a good collection of tools and a great source for showing some of the breadth and depth of available tools that you might not know are available for specific tasks. BUT, from my testing (completely non-scientific) I found many of the tools available to be behind the latest vendor version and I'm always nervous about getting tools from source (see Download's bundling of nmap with malware last year for an example). Personally I'll still be taking my tools from source, or at least 'trusted' repos.