-
former33t replied to the topic Need good password crackers to test my encryption algorithm. in the forum Programming 8 years, 10 months ago
I’ll second this. The sample you provide is insufficient to determine anything about either the algorithm or the keying material.
That being said, rolling your own encryption algorithm is always a bad idea. Correctly implementing existing encryption libraries can be difficult (ask the Debian team). Getting your own algorithm built from the gr…[Read more]
-
former33t replied to the topic CEPT by Infosec Institute in the forum Security 8 years, 10 months ago
I’d be interested as well to hear your experiences with the CEPT. I’m equally interested that Infosec Institute is even still in business considering the plagiarism scandal last year…
-
former33t replied to the topic hacme bank prebuilt vmware image by (Ninja-Sec.com) in the forum Web Applications 8 years, 10 months ago
FWIW, I downloaded the image and extracted the zip file. This creates multiple .7z files (a multi-part 7-zip file). Use 7-zip (free) to put them back together. The whole process took maybe 5 minutes and was far from rocket science. No offense, but if you can’t reassemble a multi-part archive, even hackme bank is probably a little too advanced for you.
-
former33t replied to the topic Demand for Linux Skills on the Rise, Along With Wages in the forum Career Central 8 years, 10 months ago
Sorry to resurrect an old thread, but for what it’s worth, I got my RHCSA for RHEL6 earlier this year. I’d have taken the RHCE, but my company was only paying for the RHCSA. In any case, the exam was hard but fair. I don’t know if I’d even bother with the Linux+ exam on my way to RHCSA. And now RHCSA is required for RHCE too, so in either cas…[Read more]
-
former33t replied to the topic Mile2 says CPTE is a much better cert than CEH. True? in the forum Network Pen Testing 9 years, 3 months ago
CEH is great for HR only. When I do technical interviews, I always ask CEH certified folks how they feel CEH has prepared them to work in security. Those with other certs (who are on the level) usually tell me that it was a cake walk compared to cert X (besides say A+). Those who only have the CEH regularly tell me how difficult it is and ho…[Read more]
-
former33t replied to the topic Secret Clearence already in the forum Career Central 9 years, 9 months ago
No offense, but a secret clearance doesn’t really mean anything. It sure doesn’t cost 60k to fund one.
The cost of living at Ft Huachuca is near nil and you are competing with MI instructors with TS clearances and 20 years of experience. GD underpays everywhere, but in this case 30k is a gift. If you don’t take it, someone else will. IF you…[Read more]
-
former33t replied to the topic A Hacking Christmas to All, and to All a White Hat in the forum News Items and General Discussion About EH-Net 10 years ago
Amen to family time. Merry Christmas all!
-
former33t replied to the topic Penetration testing updated windows 7 and bypassing kaspersky internet security in the forum Tutorials 10 years, 1 month ago
Sorry dude. I can’t take 30+ minutes of Arabic to see what you are doing to “bypass KIS”. If you are talking about encoding, migrating processes, or simply killing the AV, I’d hardly call that a bypass though.
-
former33t replied to the topic Penetration testing updated windows 7 and bypassing kaspersky internet security in the forum Tutorials 10 years, 1 month ago
If only I spoke Arabic, this would be a great resource. Can you point me to the specific point in the video where you are bypassing KIS?
-
former33t replied to the topic ShmooCon 2011 in the forum Calendar Of Events 10 years, 2 months ago
Again, assuming I can get a ticket I’ll be there as well. I was working on a presentation for the conference but school got in the way and somehow passing became more important than presenting….
-
former33t replied to the topic How Application filtering in fire-wall works? in the forum Web Applications 10 years, 3 months ago
It sounds like you might be trying to detect illicit software installs on your client machines. There are much more reliable ways to do that than using a firewall. Look at client side solutions to protect the endpoint. These are much more reliable for detecting the sorts of changes you mention.
-
former33t replied to the topic My father is hacking me?! in the forum Incident Response 10 years, 3 months ago
Reading comprehension ftw:
So the computer has RAS enabled so dad can help out when he’s not around… he doesn’t need to be an NSA cracker. He doesn’t even need to be able to hack his way out of a paper bag. He has access to the machine. Full disk encryption won’t fix that. It won’t even help.
If you are worried about him on the comp…[Read more]
-
former33t replied to the topic webapp pricing in the forum Web Applications 10 years, 3 months ago
So I’ll come full circle with my pricing guess-stimate for this type of work. When I said $3k, that was a floor value. I wouldn’t expect anything less than that. If you are doing your own pentests as an independent contractor, you have to cover your E&O insurance, business overhead, time lost negotiating and drawing up a contract, legal fe…[Read more]
-
former33t replied to the topic webapp pricing in the forum Web Applications 10 years, 3 months ago
Do you need a pen test, a white box code security review, both? Do you need someone to hit the webapp from the outside or assess the security of the DB server on which the data resides? They are very different things with very different pricing structures. It sounds like you want the webapp tested from the outside. That is cheaper than pay…[Read more]
-
former33t replied to the topic Anyone did OSCE (CTP) ? in the forum OSCP – Offensive Security Certified Professional 10 years, 3 months ago
I’m generally against reviving old threads, but I’ll keep this message here for the sake of continuity.
I’m a little more than half way through my 60 days of lab time and I can’t say that I’m disappointed. I feel comfortable with all the material I’ve attempted so far (I’ve coded some exploits before), but I wish I had a better idea of what to…[Read more]
-
former33t replied to the topic A Contractor Solution for Cyber Warriors in the forum Cyber Warfare 10 years, 3 months ago
I’ll take a different spin on this. I’ve been a government employee and a contractor at different times. Right now I’m doing both. I have a full time government job and I contract to private organizations on the side (some of the work in the past has been back to the government but I’ve navigated the “conflict of interest” waters with ca…[Read more]
-
former33t replied to the topic Should I? in the forum CPTC – Certified Penetration Testing Consultant 10 years, 3 months ago
First, who told you that gi bill will pay for these? I have gi bill and getting them to pay for anything has been like pulling teeth.
I know two people who took this class. They both had differing opinions. I think this depends on the instructor. As for exploits, I think they had to develop exploits for custom services. They also did case…[Read more]
-
former33t replied to the topic Botnet lab exercises for graduate-level security class? in the forum Malware 10 years, 3 months ago
First, I don’t have any example code to throw your way, but I’d tread lightly on this. I think there are some legal implications in giving your students bot software.
If you were keeping the whole thing in a lab, you might write some simple bot code that sends packets on command (simulated DDOS) in your university lab and provide students…[Read more]
-
former33t replied to the topic Passed GPEN – some comments (Sept 2010) in the forum GPEN – GIAC Certified Penetration Tester 10 years, 4 months ago
Congrats.
I’m with Dynamik and BillV on the counter. On exams that don’t have it (most of them), I keep a tally of questions I “know” I got right, those that I was pretty sure on, and those that I EWAG’d so I can breathe a sigh of relief when I’ve crossed the passing threshold. I’ve never failed a certification exam attempt, but I still find m…[Read more]
-
former33t replied to the topic Harsh Words for Professional Infosec Certification in the forum General Certification 10 years, 4 months ago
I agree with partek. Demonstration based exams are worth more than knowledge based exams. OCSP is a good measure of practical ability needed to perform in a pentest environment and does provide a good benchmark for what you can expect from a certification holder.
The problem with demonstration based exams is that they are expensive. They ha…[Read more]