|
EH-Net
|
|
May 24, 2013, 06:49:53 PM
|
Show Posts
|
|
Pages: [1] 2 3 ... 21
|
|
1
|
Resources / Tools / Re: BackTrack Reborn - Kali Linux
|
on: March 14, 2013, 08:47:51 AM
|
|
Anyone tried it out, yet? I had to disable IO APIC to get the 64-bit ISO to boot in VirtualBox, and then tell the installer to not use "internet sources" to finish install. I won't have any real time to play around with it until this weekend, but looks good so far.
|
|
|
|
|
3
|
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Windows 7 - OpenVAS
|
on: March 13, 2013, 08:47:54 PM
|
|
I haven't run it in Windows, but I run both the server and the client on a Linux laptop. The server is was actually does the scanning, and the client just manages the server. You can use OpenVAS-Client to manage a OpenVAS-Server, remotely or locally.
It doesn't look like OpenVAS-Server is supported on Windows (there is a Greenbone package available for the client only), so you will need a different place to run the server from, maybe a Linux VM would do the trick for you. You then have the option of running the client from the VM, or from Windows.
Hope that helps!
|
|
|
|
|
8
|
Ethical Hacking Discussions and Related Certifications / Hardware / Re: Discreet Hacking Devices
|
on: July 14, 2012, 10:34:07 AM
|
Yeah, the Pwnie Express is pretty awesome, and looks like it's packed with features and a more powerful platform. However, you don't have the cost benefit of being able to forget about it and leave it behind, it's quite expensive.  If you get your hands on one of these, let us know! I agree about reverse tunnel, I had thought of that, too. I just meant that if you keeping external traffic to a minimum to avoid detection, you could always pick it up later to get your results. Either way would be highly effective. To further the idea, I was thinking that the device could often change its MAC address, IP, spoof other machines, etc. dynamically, to make tracking it difficult. If you were also doing some kind of network monitoring, you could look for events such as a network scan that isn't your own. You could then stop any active attacks and just watch a passive monitor. When it safe, resume the attack.
|
|
|
|
|
9
|
Ethical Hacking Discussions and Related Certifications / Hardware / Discreet Hacking Devices
|
on: July 13, 2012, 10:53:04 PM
|
Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It's small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site. There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It's easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it's still interesting. Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs. I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35). Anyway, just an idea I had rolling around. Let me know what you think. 
|
|
|
|
|
11
|
EH-Net / Calendar Of Events / Re: DEF CON 20
|
on: July 11, 2012, 01:44:06 PM
|
rance, Shmoo was pretty awesome. I wasn't planning on doing the lockpicking competition until you asked me. I had to spend the next 30 minutes picking as many locks as possible because I had been out of practice.  If ShmooCon prompted me to start a TOOOL chapter, what kind of craziness is DEFCON going to spawn? Don, do we have EH Net shirts, yet? 
|
|
|
|
|
12
|
Ethical Hacking Discussions and Related Certifications / General Certification / Re: Certification plans for 2012?
|
on: June 12, 2012, 01:45:34 PM
|
My certification plans for 2012: Linux+ Network+ Security+ CISSP
I still have that CPTE that I need to finish up and take the exam for, but not exactly part of my 2012 goals. I may try to take that in January, hoping to take the first part of Linux+ exam in early February.
Wow, I missed it by a long shot. Abandoned Linux+, Network+, and Security+. Just passed CPTE a few days ago. Studying for CISSP, hopefully will attempt the exam within the next 90 days.  It's been a busy year for me so far, gotta catch up.
|
|
|
|
|
13
|
EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-October 2011 Free Giveaway Winners - Mile2
|
on: June 08, 2012, 11:12:15 PM
|
CEHv5 kicked my ass. I failed by 1 point (EC-Council was nice to enough to grant me the certificate anyway after I studied my ass off and was prepared to do a retake), and it was a long exam at a testing center. Mentally and physically exhausting. CPTE was 100 questions, did it online, it's supposed to be open-book if you have the course materials, and the questions were a bit easier. There were also some bugs. I swear I got the same question twice (at least once), and there was one question that started with "Given the diagram below..." and there was no diagram. 
|
|
|
|
|
15
|
Features / Book Reviews / Re: Good books on learning Linux?
|
on: April 23, 2012, 10:22:00 AM
|
This is a REALLY good book. google linux from scratch
This is probably the best way to get a really thorough understanding of Linux. I absolutely recommend this, there is a step by step guide to help you through it.
|
|
|
|
|
Loading...
|