24772433

Just had a look at pwnpi. I think I’ll order raspberry pi, instead! Thanks.

Just to clarify, if the phone is switched off, it will still emit a RF signal and be detected by the scanner. SOP is to remove the phone’s battery to prevent detection.

It’s definately not too late. 28 is young! I was 30 when I took the transition from soldier in the British Army to IT Systems Admin – I didn’t do IT in the army!

From the sounds of it your’re on the right track. Most definitely concentrate on Web Application testing. Also, get signed up for the PWB/OSCP course too. It’s worth the…[Read more]

I got the confirmation emails through fine but I messed up on my mental arithmetic! I put GMT ahead of EST by 6 hours instead of 5, so I only caught the Q&A session at the end of the webinar! To rub salt into the wound, one of the comments on chat was about how the presentation was the best from Rapid7 ever! 😀

Thanks for the replies, guys. All very helpful.

Worcestershire, Great Britain.

Having used the UK Ministry of Defence DII systems I know just how unmanageable the whole thing is. I had to write down my password(s)  too – and I should know better!

Echoes of British Telecom’s frivolous Hyperlink Patent lawsuit from 2002! BT lost that one, not surprisingly!

^^like^^

Congrats! Who’s the new outfit?

I was at a UK millitary establishment in Wiltshire last year and given the nature of their work ALL mobile (cellular) phones are prohibited and have to be checked in at Security. To enforce the policy they used scanners which will detect phones, even when switched off as they will still emit RF (unless the battery is removed).

I don’t know the…[Read more]

The subnet should be 192.168.1.x. You would be advised to set the NIC for both guests to Custom – vmnet2. The de-ice distros set their own IP address. The clue to what that is is in the name, e.g. ‘de-ice 1.100’ which would be 192.168.1.100.

Set your Backtrack VM to the same subnet and you will see the de-ice VM.

If you still can’t see the vm…[Read more]

Andrew, who would you recommend for buisness grade broadband in the UK?

Steve.

As mentioned, it’s an old exploit and since patched. You could try seeing if kb823980 is installed separately in Add Remove programs and uninstall. This will work.

The RHOST IP should be the victim machine’s IP ie x.x.x.67. RHOST is remote host, not local.

Steve.

In posing the question I’m very much playing Devil’s Advocate. I do value the benefit of going beyond a simple vulnerability assessment and looking to demonstrate an exploit.

I do agree, it’s a balance between business continuity and exposure to risk. A malicious hacker won’t care less if the server blue-screens, other than maybe attracting…[Read more]

Jamie,

I saw this today. A London based security company looking for a Junior Pentester:
http://www.theitjobboard.co.uk/?Mode=AdvertView&AdvertId=8540714&SearchTerms=Penetration+Tester&LocationSearchTerms=UK&JobTypeFilter=0&xc=1&utm_source=jbe&utm_medium=email&utm_campaign=jbe&lang=

Steve.

There are some very interesting comments from a thought provoking article.

The increase of virtualisation in corporate networks and the growth of cloud based services provide challenges to the security community to adapt to these changes. Server virtualisation is now commonplace and so too will be desktop virtualisation, along with switch…[Read more]

If you want to tinker with AD for free Microsoft have quite a few pre-configured VHDs for Microsoft Virtual Server. 

http://technet.microsoft.com/en-us/bb738372

I’ve used these in the past, mainly the Exchange servers for evaluation and testing. With the standalone 2008/2003 servers you can easily create an AD environment just by running the…[Read more]

@midnight monster wrote:

oh steve are you kiding!! it has hundred compatible payload and it takes a lot of time for me

OK. What is the server OS and vulnerability? If it’s Windows then Meterpereter (as mentioned by BILLV) is always a favorite of mine.

Steve

A couple of hiccups with receiving emails but I got registered and handed over £480 once I was happy with the VPN connection to the labs.

Due to start the course on Sunday 20th November. Looking forward to it!

Steve.