-
apollo replied to the topic Autopwn is not working right in the forum Network Pen Testing 11 years, 8 months ago
It didn’t sound like he was doing a pen test (gosh I hope not) but instead trying to learn more about Metasploit and autopwn. Autopwn just isn’t extremely flexible, but the thing about it that I think is nice is the fact it will aggregate vulnerability reports from nessus or something else if you can get it into the database and then look up…
-
apollo replied to the topic Autopwn is not working right in the forum Network Pen Testing 11 years, 8 months ago
I always considered db_autopwn to be a best effort attack where you are throwing everything you can at a box and hoping one of the things makes it. If you have enough information to know that an attack should succeed, doing that one directly is preferred. If you are verifying vulnerabilities and not just trying to get into a box, I’d say if at f…
-
apollo replied to the topic Slowloris HTTP DoS on Apache webservers in the forum Web Applications 11 years, 8 months ago
I’m not sure how easy it would be to write an IDS signature for this, as the time span that you would have to track the session through could make your IDS sad. Basically what the application appears to be doing, is taking advantage of the fact that most people protect their Apache (or other web server instances) by limiting the number of…
-
apollo replied to the topic SANS/GIAC study guides in the forum General Certification 11 years, 8 months ago
In my opinion, using someone else’s notes, while probably not getting flagged at the test center, would most likely be useless to you. The single best review tool that you have, as the exam must be taken a minimum of 2 weeks after you took the class, is to create an outline of the course material listing page #’s and references. Going through a…
-
apollo replied to the topic backdoor actions in the forum Network Pen Testing 11 years, 8 months ago
I would start out with a “netstat -ano” in the shell console and look for the pid. I would then pull up process list and see what the process was. Once I had the pid, from the console window I might do a ‘tasklist /M /FI “PID eq “‘ and see if there are any dlls loaded that would possibly cause issues. I would download sysinternals suite, lo…
-
apollo replied to the topic Putting your removable storage policies to the test, ideas and solutions please. in the forum Hardware 11 years, 9 months ago
If you are trying to do education, you may be able to leverage 2 things. First you can directly call iexplore to launch an educational page, along with causing an anti-virus alert to pop up. As part of the auto-run for the drive, cause a web page to open to a pre-setup educational site on your internal network that is tracking IP’s, maybe i…
-
apollo replied to the topic Why Perl? in the forum Programming 11 years, 9 months ago
I use perl more than most of the other languages because a lot of what I do is dealing with text. In perl, regular expressions flow freely, and I mostly write scripts that are task specific instead of building applications to do things. Typically if I’m building applications I will use other languages, but as far as a scripting language that h…
-
apollo replied to the topic Need help on a path in the forum General Certification 11 years, 9 months ago
Would you mind listing some more of the goals of the certification? Are you looking for something just to give you a step up in your certification listing, or are you looking for accompanying training that will ensure that you have the skills necessary to be able to get into the pen testing field. What is your experience level? There may al…
-
apollo replied to the topic Which language should I learn this summer? in the forum Programming 11 years, 9 months ago
I also agree on Python. As for a project, since you are studying networking, why don’t you work on doing a quick tool in python to take ip/netmask information and turn it into CIDR notation. That is something that will ensure that you have a quality understanding of ip subnetting for your networking stuff, and may be useful in other scripts t…
-
apollo replied to the topic In need of some advice [Continued…] in the forum Career Central 11 years, 9 months ago
Sorry for the delay on posting, I’m still recovering from ChicagoCon. I think you are at the right point in your thought process. As far as software development goes, it is still alive and well. There are some interesting transitions going on with software in general, and so I think that there is less focus on the desktop and many folks are re…
-
apollo replied to the topic [Article]-Review: SANS SEC542 – Web App Penetration Testing and Ethical Hacking in the forum Linn 11 years, 9 months ago
We’ll just say that Don is a great editor and leave it at that 🙂
-
apollo replied to the topic [Article]-Review: SANS SEC542 – Web App Penetration Testing and Ethical Hacking in the forum Linn 11 years, 10 months ago
This is my take on it, not part of the review because this is very subjective and not really an objective look at the course, but, that is an excellent question, and I’m glad you asked. Most of the things that folks want to learn can be found in a book or online, whether it is calculus or hacking. Knowing that you can use burp proxy to do web…
-
apollo replied to the topic Gray Hat Python in the forum Programming 11 years, 10 months ago
As a side note, if you haven’t tried Immunity Debugger yet you should give it a try. I started using it when I went for NOP certification at Defcon last year and it was pretty sweet. I hope to get the write up done shortly after ChicagoCon so I will share more then. But as many RE tools seem to be moving to Python, checking out Immunity De…
-
apollo replied to the topic ChicagoCon in the forum Other 11 years, 10 months ago
There is an Embassy Suites across the street, I recommend there for accommodations. Slimjim100 and I will be there and presenting, I believe Chris Gates will be there as well.
-
apollo replied to the topic Breaking In in the forum Other 11 years, 10 months ago
I would recommend downloading a backtrack vm and starting here:
http://www.ethicalhacker.net/content/view/227/24/
This will walk you through the tools that you will want to start with. Via telnet, it is difficult to interact with port 135. There are tools that will help you, but you probably want to know more about the status of the host b…
-
apollo replied to the topic [Article]-Video Tutorial: Pass-The-Hash Toolkit in the forum Linn 11 years, 10 months ago
Let me set up a slightly different scenario that may help this make more sense.
You are at your workstation, and you are logged in via your domain account. You have a patch missing on your machine, and while I am on your network performing a pen test, I scan your machine and notice that it is vulnerable. By exploiting that vulnerability, I am…
-
apollo replied to the topic Get together for SANS 2009 in Orlando in the forum Other 12 years ago
I’m taking 542 (web app pen testing), should be in around noon on Sunday.
-
apollo replied to the topic Get together for SANS 2009 in Orlando in the forum Other 12 years ago
Sounds good, what class are you taking?
-
apollo replied to the topic [Article]-Video: The 15-Minute Network Pen Test Part 2 in the forum Linn 12 years ago
The GUI is a good idea, I hadn’t thought about that, but that would be a good add-on. The other two that I’d thought about doing were on using pass the hash through meterpreter sessions and using your meterpreter session to assist in pivoting. Any other thoughts?
-
apollo replied to the topic [Article]-Video: The 15-Minute Network Pen Test Part 1 in the forum Linn 12 years ago
It is coming, Don has it and it is in the queue 🙂
There is even one more after part 2 that will showcase some potential post-exploitation.