cd1zz

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #53147
      cd1zz
      Participant

All of my physical testing at data centers has been unsuccessful. They pretty much have the physical part figured out so the easy stuff won't work. The only time we had “some success” was when we used some pretexting with it. I had “momentary” access and then was quickly escorted out.

    • #53125
      cd1zz
      Participant

      @m0wgli wrote:

          @cd1zz wrote:

              looks like -m 3100 will get it done in hashcat

              https://hashcat.net/forum/thread-1051-page-2.html

          AFAIK, 3100 is for Oracle 7-10g. Oracle 11g is 112.

      Yep, you’re right!

    • #53123
      cd1zz
      Participant

      looks like -m 3100 will get it done in hashcat

      https://hashcat.net/forum/thread-1051-page-2.html

    • #53120
      cd1zz
      Participant

      No matter how bad you root a company up, you have to find some good and tell them about it. You can also spin the bad findings and say things like “it’s a good thing we caught this before someone else did” or “the good news is that these issues are easy to fix.” Reporting style is important too. You cannot get emotional, your report should be based on data and be very matter of fact. Keeping the tone of the report this way is easier for people to digest.

    • #52925
      cd1zz
      Participant

      This is kind of a tough situation because most of these products are crappy. Burp is the best, but only for one site at a time. It doesn’t do well even with large, single sites.

      The problem you’re going to face is that the “right” product you find that can handle such a huge workload is probably going to give you the same marginal results, at best.

      The only product that really comes to mind that you might want to consider is Nexpose. It does web app scanning, although I’m not sure how well, and it can get pricey but it’s worth a look. You can schedule and it seems to perform well on larger engagements. I was also going to say appscan but you already don’t like that product.

    • #52923
      cd1zz
      Participant

      Appscan is like 30K and up, is that an option?

    • #52917
      cd1zz
      Participant

      If you got every box, you should be good. No idea what this other challenge is you’re talking about. My advice is to sleep well before and knock off the easy stuff first in the challenge.

    • #52889
      cd1zz
      Participant

      Nice work!!

    • #52881
      cd1zz
      Participant

Your path will be unique, but as long as you achieve your milestones you can get there. To begin, those milestones should be certs. You certainly don’t need a college degree to pentest; some of the best don’t have a degree. My personal opinion is that if you can find an IA or IS degree that is a balance between “credibility” and cost, it can't hurt. Who knows, in 10 years you may need that college degree for some type of management gig.

To oversimplify the process, and if money is no object, here is how I would do it:

      CCNA or MCSE -> GPEN -> OSCP …

      You will need to learn how to troubleshoot, that is probably the most important skill that does not come with a cert. As an electrician, you probably already have a knack for this. The ability to quickly analyze and fix issues is imperative.

    • #52876
      cd1zz
      Participant

      This is probably the most common question here. Seems it comes up at least every week or two, search around and you’ll find the same answers on each one.

      Where are you located? Depending on your current salary, the strategy may be different.

    • #52839
      cd1zz
      Participant

First of all, “Backtrack” has a million tools on it; you need to know which tool to use for the task at hand. Otherwise it's like trying to screw in a bolt with a tool box.

      For OWASP, the likely tool to begin with is Burp. The “wireless grid” has no impact on OWASP, that is simply the network medium.

      You can start here: http://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/

You can't just “run commands” and expect magic to happen. Web apps are usually custom written, so you need to know what you’re looking for and subsequently plan your next steps. Learn about what each of the top 10 really mean.

      Go read this book cover to cover: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470/ref=sr_1_1?ie=UTF8&qid=1366896847&sr=8-1&keywords=web+application+hackers+handbook

    • #52818
      cd1zz
      Participant

      Keepass

    • #52725
      cd1zz
      Participant

      20% is a pretty big hit, but depending on where you are now, you could make it up. Feel free to PM me with specific numbers and I can give you a better idea (at least at US rates).

      App security is exploding just like the rest of security. There are companies that will allow you to stay as a practitioner by doing something like this: associate -> consultant -> senior consultant -> principal or super senior, or whatever the term is.

It really depends on what you’re trying to accomplish. If it's for the love of the work, or if it's to try and position yourself for another position in 5 years, whatever, MY advice would depend on a number of other factors.

    • #52385
      cd1zz
      Participant

They’re both awesome for pen testing. Core Impact has exploits in it that are not public and Meta Pro can help automate large pentests; it is a phishing platform and does some other stuff. Not sure about web app scanning, I doubt it. That would be creeping into their other product, Nexpose. I always turn the Nexpose spidering/scanning option off. In my opinion, web app scanners are only as good as the guy using it. Burp is the only option + someone who knows what they’re doing.

For network, you need a good vuln scanner. I like Nexpose. However, there are a billion vulns that don't show up in a vuln scanner either. Again, it depends on the person driving. I guess what I’m saying is that you need multiple tools. Meta Pro and Core are expensive, the rest are not. What you give up in the pro, you can make up with old school metasploit.

    • #52378
      cd1zz
      Participant

      I completely disagree. Just gave Acunetix another shot this week on a client and hate it even more. Worst. Product. Ever.

      If all you need are pretty reports with false positives, Acunetix is your tool.

Copyright ©2020 Caendra, Inc.
