ccpik1

Forum Replies Created

Viewing 9 reply threads
  • Author
    Posts
    • #53954
      ccpik1
      Participant

      Still no luck with this. I have been reading solid nmap documentation and different forums, and I can't see a way forward with this. I literally get nothing back apart from 'filtered', and I know there are ports open, as I have spoken to the client.

      Does anyone have any suggestions?

    • #53790
      ccpik1
      Participant

      Thank you. I will be reading up on the ones you mentioned, and if I feel confident enough that I understand exactly how it can be replicated, I'll have a go.

    • #53758
      ccpik1
      Participant

      Please delete the above post, mods, if possible. I have found what I was looking for. Apologies.

    • #53738
      ccpik1
      Participant

      Thank you for the advice. I know I sound in a rush, but I do not want to get shoehorned into my current role and then in 5/10 years' time try to make the jump into pen testing. A pen testing role just seems incredibly hard to get into, whatever education/experience you have outside of that domain.

    • #53729
      ccpik1
      Participant

      What happened is that the firewall was blocking the traffic on the rule 'incoming traffic xyz', which is defined in our network as coming from the outside-untrust to the inside-trust. The rest of the log, however, reported the data coming from trust to untrust. In conclusion, we thought it must be the external attacker spoofing an internal address, hence it matching the rule 'incoming traffic xyz'.
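The inconsistency described in this post (a rule written for untrust-to-trust traffic matching entries whose logged zones run the other way, and an internal address appearing on the outside) can be checked mechanically across a log export. The following is an added example, not the poster's code and not a Palo Alto tool; the log lines, the field layout, the RFC 1918 "inside" ranges and the rule-to-zone table are all constructed assumptions for illustration.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed sample traffic-log lines for this example (not real PAN-OS
# output and not the poster's logs). Fields:
# time,rule,src_zone,dst_zone,src_ip,dst_ip,action
SAMPLE_LOG = """\
2013-12-01T10:00:01,incoming traffic xyz,untrust,trust,10.1.1.25,10.1.1.10,deny
2013-12-01T10:00:02,incoming traffic xyz,untrust,trust,203.0.113.7,10.1.1.10,deny
2013-12-01T10:00:03,outbound web,trust,untrust,10.1.1.40,198.51.100.9,allow
2013-12-01T10:00:04,incoming traffic xyz,trust,untrust,10.1.1.25,198.51.100.9,deny
"""

# Assumed address plan: RFC 1918 space is "inside" (trust).
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumed rule book: the zone pair each rule was written for. The first entry
# mirrors the post ('incoming traffic xyz' is outside-untrust -> inside-trust).
RULE_DIRECTION = {
    "incoming traffic xyz": ("untrust", "trust"),
    "outbound web": ("trust", "untrust"),
}


@dataclass
class Entry:
    time: str
    rule: str
    src_zone: str
    dst_zone: str
    src_ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst_ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    action: str


def parse_log(text: str) -> list[Entry]:
    """Parse the constructed CSV layout above into Entry records."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, rule, sz, dz, s, d, act = line.split(",")
        entries.append(
            Entry(t, rule, sz, dz, ipaddress.ip_address(s), ipaddress.ip_address(d), act)
        )
    return entries


def is_internal(ip: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    return any(ip in net for net in INTERNAL_NETS)


def analyse(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (time, reason) for every entry that contradicts the address plan
    or the rule book. Two checks:
      1. an inside address arriving from the untrust zone (spoofed or bogon);
      2. a rule matching a zone pair it was not written for (mis-ordered
         policy, wrong zone on an interface, or a log that is out of sync)."""
    findings = []
    for e in entries:
        if e.src_zone == "untrust" and is_internal(e.src_ip):
            findings.append(
                (e.time, f"internal source {e.src_ip} arrived from zone untrust (possible spoofing)")
            )
        expected = RULE_DIRECTION.get(e.rule)
        if expected and (e.src_zone, e.dst_zone) != expected:
            findings.append(
                (
                    e.time,
                    f"rule '{e.rule}' matched {e.src_zone}->{e.dst_zone} "
                    f"but is defined for {expected[0]}->{expected[1]}",
                )
            )
    return findings


if __name__ == "__main__":
    for when, why in analyse(parse_log(SAMPLE_LOG)):
        print(when, why)
```

Run against the sample it reports the first line (an inside address on the outside) and the fourth (the inbound rule matching trust-to-untrust traffic); the other two lines are consistent and stay silent. On a real export the only change needed is the field mapping in `parse_log` and the two assumed tables.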

    • #53695
      ccpik1
      Participant

      @Master Of Puppets wrote:

      I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what’s the point. January seems too early for me. I’m shooting for somewhere during the summer. I really hope I can start then.

      This post sums up my position too. Not enough hours in the day currently! The course does look fascinating and very well put together, from what I have read about it.

    • #53723
      ccpik1
      Participant

      Some very good ideas there, thank you. I am in the process of checking these things out. I can't ping the host now, as it has been removed from the network physically. So the logs on the firewall must either be out of sync or incorrect. I thought originally IP spoofing or ARP poisoning, but this does not look likely now.

    • #53721
      ccpik1
      Participant

      Palo recognizes the zeroaccess.gen signature; it has it in its database. Going to try and get a packet capture later.

    • #53717
      ccpik1
      Participant

      It did have, but now it is off the network physically, and no host exists on that IP, yet the traffic is still flowing to and from it. Which is why I thought IP spoofing from another host or ARP poisoning, but I do not think the ZeroAccess trojan is capable of that.

    • #53670
      ccpik1
      Participant

      Thank you, that is indeed very helpful. The firewall would be a layer 7 next-gen, Palo for example. The servers would be NATed and data passed through the firewall before it gets to them; otherwise the data would pass directly to them (not NATed)?

Copyright ©2022 Caendra, Inc.