amol_d

no worries and Thanks for the reply hitmonkey. i suppose what you could and could not do would be based on the contract with the client.

hey so how did it go? I was hoping to read about your experience on this one

IMHO more than the risk of someone sniffing 3G (and i have no idea how practical this is), the greater risk is a customer using public WiFi to talk to your website. That would let an attacker on the same access point to launch practical attacks (man in middle via arp spoofing etc) so I would always assume that the client data to a website can be…[Read more]

Using a good RF scanner will work but like you said its not going to help much if the phones are off. Not to trivialize the issue, but a security guard that can frisk visitors will mitigate that risk to a large extent. Have lockers for visitors to put in their bags/purses etc before they enter the secure area.
What is the purpose of not allowing…[Read more]

Congrats DragonGorge! This was a very good review, and it lead to major deja-vu for me, especially the wife and kids part. I agree with most parts of the review. One thing I gotta say, because OSCP is made so hard to achieve, the exhilaration on passing is incomparable and you really feel like you have achieved something and have learnt a huge…[Read more]

Just passed CSSLP. I am glad i took it. The format and quetion structure is very similar to CISSP as you would expect (ie you either know or you dont, not like CISA where they play arround with the English language to make it trickier)
I think it is very very relevant to those who are into secure SDLC. While going through the material I already…[Read more]

WHen i was stuck and did not know how to proceed, I found it useful to look at videos on youtube and securitytube.net to see how others had approached similar problems. g0tmi1k.blogspot.com has a lot of videos as well, although the machines being hacked are totally different, when you see the videos you understand the approach that is taken from…[Read more]

Thanks don, i will!

j0rdy, i totally agree, the oscp videos on buffer overflows has to be one of the best introductions to buffer overflows for newbies. it was explained so well that i have become addicted to it, i am now on grey-corner.blogspot.com tutorials and corelan.be tutorials, to prepare myself for osce later on because i have heard that…[Read more]

One more thing I would like to add:
there is a lot of self learning involved. Its a very good idea to go through videos on securitytube and g0tmilk’s blogspot site. I also found it useful during labs that, when I was suspecting a particular weakness existed but was not able to exploit it, to go on youtube/security tube and search. A lot of times…[Read more]

Thanks all!

Hi DragonGorge
I agree the requirements are ambiguos, because its very subjective, whats rudimentary to the offsec folks may not be to others. I shouldnot worry too much about the python knowledge though. I had very basic shell scripting and perl knowledge and 0 knowledge of python.
Although python is widely used, its not hard to…[Read more]