Forum Replies Created
April 4, 2013 at 2:24 am #52496
I assume right click on the taskbar is dead too? Any right clickage?
April 4, 2013 at 2:16 am #52487
Wireshark would do the trick. You just have to know what you’re looking for 🙂
April 4, 2013 at 2:13 am #52494
Can you use removable media or is there a CDROM either virtual or physical? If so, just drop a shell and try to escalate from there. Are there any other apps the regular user can access at all? Like in the system tray? Sometimes AV will still be accessible and within the AV you can escape the restricted desktop via the same methods….help menu etc.
April 1, 2013 at 4:01 am #52376
I hate Acunetix, I use Burp Pro for everything now.
April 1, 2013 at 3:58 am #52417
I’ve been using Microsoft Expression (Free version)
March 20, 2013 at 3:32 am #52328
It’s a pretty big field, what are you interested in? Just to name a few options….
Pentesting, forensics, incident response/handling, security operations, security audit, research…….
March 15, 2013 at 3:24 am #52284
I changed careers from network admin to pentesting at 30. I managed to do so without taking a pay cut. It’s possible, you just have to be strategic about it. Like ajohnson said, the next logical step in my eyes is for you to become a web app ninja. You’ll have to convince a potential employer that you actually know what you’re talking about. You might want to start blogging, or publishing useful code to the community…..whatever it is, just start showing that dream company that you’re a ninja. Where are you located?
March 15, 2013 at 12:30 am #52260
That’s a cool idea and I think that would work well with what I usually recommend…. which is to implement GPO-based FWs and block 445 inbound, except from a jump box or from a small subnet of IPs.
I know 445 can also be used for installing software remotely, but again, that could be accomplished by only allowing inbound 445 from a subset of the network/jump box.
I was recently at a client that implemented something really cool called CyberArk, ever heard of it? It changes the local admin passwords to crazy random passwords, every hour! It keeps track of all of them and allows SSO through the CyberArk. Bad ass!
March 14, 2013 at 3:55 pm #52258
Weak passwords have already been mentioned…. I have pretty good success taking about 10 common passwords and spraying them across ALL the services I discover. VMware, VNC, SMB, Telnet, SSH…. everything…. In large environments, I usually hit at least one, which is typically the first step in total pwnag3 because of all the stuff already mentioned. Defense is hard. Glad I’m on offense.
March 14, 2013 at 1:45 pm #52254
What AJ said but in addition:
– Sync’d local admin pws
– Lots of LM hashing in use
– Tons of exposed 445 on EVERYTHING which makes PTH and psexec possible
March 11, 2013 at 2:00 am #52205
Good to know I’m not totally crazy.
March 10, 2013 at 9:09 pm #52202
I had no idea there was a difference! Thanks for the clarification. I always assumed it was the same concept as egress filtering, which is apparently different!
March 9, 2013 at 8:46 pm #52198
It will stop attacks on ports/services that are not allowed. However, it cannot stop attacks for ports/services that are allowed. For example, you would hopefully deny inbound tcp/445 but might allow tcp/80 in for web services. We can still attack the web server and the web application….which is allowed by the ingress filtering.
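The two posts above (the GPO-based firewall recommendation to block inbound 445 except from a jump box, and the point that ingress filtering cannot stop attacks on ports it allows) can be shown as a concrete Windows Firewall rule set. This is an added example, not the poster’s code; it applies the settings locally with the NetSecurity cmdlets, whereas the recommendation is to push the same rules through a GPO. The admin subnet `10.10.50.0/24` is a constructed placeholder.

```powershell
# Added example (not the poster's): local Windows Firewall rules mirroring the
# GPO-based recommendation. Assumptions: the jump box / admin range is
# 10.10.50.0/24 (constructed placeholder) and the host also serves HTTP on tcp/80.
# In a real deployment the same rules are deployed via a GPO under
# Computer Configuration > Windows Settings > Security Settings >
# Windows Defender Firewall with Advanced Security.

$AdminSubnet = '10.10.50.0/24'   # constructed placeholder; use your jump box / admin range

# 1. Default-deny inbound on all profiles so only explicit allow rules get through.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Disable the built-in SMB allow rule if present; it would otherwise permit
#    tcp/445 from any address and defeat the scoped rule below.
Disable-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' -ErrorAction SilentlyContinue

# 3. Allow SMB (tcp/445) inbound only from the admin subnet. With the profile
#    default set to Block, 445 from everywhere else is dropped, which limits
#    PTH/psexec-style lateral movement while remote installs from the jump box
#    keep working.
New-NetFirewallRule -DisplayName 'SMB-In from admin subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $AdminSubnet -Action Allow -Profile Domain

# 4. Allow the web service. Ingress filtering has to let this through, which is
#    exactly why the web server and the application on it remain reachable.
New-NetFirewallRule -DisplayName 'HTTP-In' `
    -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -Profile Domain

# 5. Verify: show the inbound rules for 445 and 80 with their remote-address scope.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.DisplayName -like 'SMB-In*' -or $_.DisplayName -eq 'HTTP-In' } |
    ForEach-Object {
        $port = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Port          = $port
            RemoteAddress = $addr
            Action        = $_.Action
        }
    }
```

Two design points: the 445 restriction is expressed as a scoped Allow on top of a default-deny profile rather than as an explicit Block rule, because in Windows Firewall an explicit Block rule wins over Allow rules and would cut off the jump box as well; and the verification step matters because built-in rules (such as the File and Printer Sharing group) can silently widen the scope you think you set.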
March 4, 2013 at 4:06 am #52174
You’ll see overlap because there is a methodology to pen testing. Techniques, however, are different between vendors. Depending on who you ask, you’ll get different answers on which pen test certs are “worth it.” One could argue that taking ALL of them would fill in the gaps the other vendors might have. Obviously, unless you have an unlimited training budget, that’s not likely realistic, so you need to prioritize what you want.
As you’ve noticed, there are several “beginner” pen test certs and far fewer “advanced” ones. GXPN claims to be advanced, and it certainly is more advanced than some of them, but in my opinion it’s lacking in some areas, for example.
A point of clarification:
What percentage of knowledge overlap would there be between OSCP and OSCE? Would someone who has completed OSCP & OSCE get value out of obtaining GPEN?
OSCE and P are very different certs. OSCP is pentest focused, OSCE is exploit development focused (mostly).
I personally started with OSCP and then went back and looked at the GPEN material. I decided that I wanted to spend that 5K somewhere else.
However, at my company we like to push people into GPEN first, then push them to OSCP. They seem to work well together.
Keep in mind, a lot of this stuff is teaching you methodology and “how to think”; the rest is really just sharpening your own techniques and skills. Regardless of all the education you get, the best way to get really good at this is to get real world experience in real environments.
March 1, 2013 at 3:57 pm #52151
Well, spread the word!