ccpik1

  • Still no luck with this, have been reading solid nmap documentation and on different forums, and I can’t see a way forward with this. I literally get nothing back apart from ‘filtered’ and I know there are ports open as I have spoken to the client.

    Does anyone have any suggestions?

  • Thank you. I will be reading up on the ones you mentioned, and if I feel confident enough understanding exactly how it can be replicated I’ll have a go

  • Please delete above post mods if possible. I have found what I was looking for. Apologies

  • ccpik1 replied to the topic Advice in the forum Career Central 5 years, 11 months ago

    Thank you for the advice. I know I sound in a rush but I do not want to get shoehorned into my current role and then in 5/10 years' time try and make the jump into pen testing. A pen testing role just seems incredibly hard to get into whatever education/experience you have outside of that domain.

  • ccpik1 replied to the topic Malware routing in the forum Malware 5 years, 11 months ago

    What happened is that the firewall was blocking the traffic on the rule ‘incoming traffic xyz’ which is defined in our network as coming from the outside-untrust to the inside-trust. The rest of the log however reported the data coming from trust to untrust. In conclusion we thought it must be the external attacker spoofing an internal address,…

  • @Master Of Puppets wrote:

    I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what’s the point. January seems too early for me. I’m shooting for somewhere during the summer. I really hope I can start then.

    This post sums up my position too. Not enough…

  • ccpik1 replied to the topic Malware routing in the forum Malware 5 years, 12 months ago

    Some very good ideas there thank you. I am in the process of checking these things out. I can’t ping the host now as it has been removed from the network physically. So the logs on the firewall must either be out of sync or incorrect. I thought originally IP spoofing or ARP poisoning but this does not look likely now

  • ccpik1 replied to the topic Malware routing in the forum Malware 5 years, 12 months ago

    Palo recognizes the zeroaccess.gen signature, it has it in its database. Going to try and get a packet capture later

  • ccpik1 replied to the topic Malware routing in the forum Malware 5 years, 12 months ago

    It did have but now is off the network physically and no host exists on that IP and the traffic is still flowing to and from. Which is why I thought IP spoofing from another host or ARP poisoning but I do not think zeroaccess trojan is capable of that

  • ccpik1 replied to the topic Firewall question in the forum Network Pen Testing 6 years ago

    Thank you that is indeed very helpful. The firewall would be a layer 7 next gen, Palo for example. The servers would be NATTED and data passed through the firewall before it gets to them, else the data would pass directly to them (not NATTED)?

Copyright ©2019 Caendra, Inc.
