-
former33t replied to the topic Suggest me a e-book for understanding basics of buffer over flow? in the forum Programming 10 years, 5 months ago
If you have $32 to spend, jump over to Amazon and buy “Hacking: the art of exploitation.” Then read some papers and realize that your money was well spent from all the time you saved reading a book that gives you a good grounding to digest everything else. Search the site for some book reviews on this. It is widely read and universally re…
-
former33t replied to the topic Is it possible to have a keylogger and Avast running at same time? in the forum Malware 10 years, 5 months ago
Both the points above are good. I’ll also point out that depending on where you live, your roommate may actually have an expectation of privacy while using your computer (if it isn’t password protected, left in an open space, etc). In other words, you might be opening a whole can of worms by installing the keylogger and he uses the computer. F…
-
former33t replied to the topic Hardware Firewall Purchase in the forum Hardware 10 years, 5 months ago
I looked at Astaro a couple of years back and they were pretty well on it. The price range was about what you were looking for and they had all the features we needed:
http://www.astaro.com/solutions/network-security
Best of all, at the time they had a VMware appliance you could test drive and see if you liked the interface. It’s Linux based w…
-
former33t replied to the topic How to pass HR screenings: load up on certs or go back to school? in the forum Career Central 10 years, 5 months ago
@ziggy,
That’s unfortunate. I understand it when it’s the feds doing it (I stopped trying to explain any craziness years ago). When it’s the private sector, I lose a little of my hope in humanity…
-
former33t replied to the topic How to pass HR screenings: load up on certs or go back to school? in the forum Career Central 10 years, 5 months ago
Pardon me while I throw a fly in the ointment. My response won’t hold a candle to Sil’s (as usual, awesome post Sil), but I have to say that depending on the job you want there IS a right answer. If you are looking for a federal government job or a job working as a contractor to the federal government, get a four year degree (I see that you h…
-
former33t replied to the topic HP to buy Arcsight in the forum News from the Outside World 10 years, 5 months ago
I’m not sure that I take the paranoid view, but this is nothing but bad news for ArcSight customers from where I sit. Any time you have heavily invested in an architecture and that architecture is absorbed by a new company, you are in for bad news. Support is never the same. HP is monolithic and generally slow to respond to company demands (a…
-
former33t replied to the topic Cryptography related question in the forum Other 10 years, 6 months ago
Like sil said, post this on a crypto forum and you’re bound to get better answers. I took a crypto class in college a couple of years ago though and I seem to remember that there was a keyspace reduction attack against triple DES. I remember the question coming up in class why not increase the key length and the instructor went through a proof a…
-
former33t replied to the topic Privilege excalation in the forum Network Pen Testing 10 years, 6 months ago
So this won’t work every time, but you need to rescan the box for vulnerable services from the unprivileged shell. Especially for legacy services, you may note that a favorite vendor “fix” is to tell you to firewall the service so it can’t be hit from outside. If you got on the machine, you are now on the trusted network… whack away!
On *nix d…
-
former33t replied to the topic Google Briefly Punishes Oracle by Removal from Google Search in the forum News from the Outside World 10 years, 6 months ago
Sorry guys, I take another approach on this one. I think that Oracle has taken an indefensible stance on the lawsuit over Android’s use of Java. The fact that it was only done briefly (and silently) makes it seem juvenile. On the other hand, if they just came out with the big middle finger, I’d be all for it. I was a big Sun supporter, inc…
-
former33t replied to the topic Anyone did OSCE (CTP) ? in the forum OSCP – Offensive Security Certified Professional 10 years, 6 months ago
I start on the 29th, so I’ll be sure to try to fill in the blanks as I go. I haven’t done OSCP, so taking on the OSCE was a little intimidating. I finally decided that I had enough interest in the topic to invest the time and enough background to not be wasting my money so I bit the bullet and went for it. I’ll post back by mid September and le…
-
former33t replied to the topic Skill Trends in the forum News from the Outside World 10 years, 6 months ago
Consider the source. It’s certmag. I’m not surprised if they are surprised by anything…
-
former33t replied to the topic ShmooCon 2011 in the forum Calendar Of Events 10 years, 6 months ago
Without a doubt.
-
former33t replied to the topic DefCon: What I liked and didn't like in the forum Other 10 years, 6 months ago
I’ll add to the sentiment that there were too many people for the Riv. DEFCON either needs a new location next year or it needs to pre-sell tickets and limit numbers (like ShmooCon). Personally, I’m all for a new location.
So H1t M0nkey, I agreed with some of your picks and I didn’t get to see the last two. I wasn’t very impressed with the Ma…
-
former33t replied to the topic Cornell 'Spider' in the forum Other 10 years, 6 months ago
Sil brings up a great point. I LOVE open source software for home use. I’m not a fan for work use. It’s been my experience I spend more time dealing with build problems, updates, broken features, etc than is worth it to save the cost (not to mention they usually have a smaller feature set).
If you are planning to use anything with version 0.…
-
former33t replied to the topic Vegas, DefCon, and Contact Info in the forum Other 10 years, 7 months ago
Ditto all. I’m only heading out for DEFCON, but I’m definitely interested in a meet and greet.
-
former33t replied to the topic Recommended Security/Encryption suite in the forum Compliance, Regulations & Standards 10 years, 7 months ago
I’m with Sil on using Voltage. They simplify key management and data recovery, which will be your biggest concerns in any company of more than say five employees… A truly stable PKI implementation for a company of your size will cost a LOT to deploy in terms of man hours. I have to assume that you have a full time job before trying to d…
-
former33t replied to the topic CREA – GPEN or GREM in the forum Other 10 years, 8 months ago
I haven’t taken GREM so I can’t speak to that (yet). Although I am getting ready to challenge it so I can mentor a course in my area. I did pass the CREA after taking the accompanying InfoSec Institute course. InfoSec and IACRB have the same type of relationship as SANS/GIAC (just so you know).
Several people I work with have taken the GREM co…
-
former33t replied to the topic Google Dropping Windows For Internal Use in the forum News from the Outside World 10 years, 9 months ago
I’m with you guys. I think this is sensationalist journalism at its best (or at least as good as it gets when it comes to technical topics). I strongly suspect the original article uses selective quoting quite liberally (where they only publish quotes from sources that support the article without acknowledging competing viewpoints). Bad journalism.
-
former33t replied to the topic New web application crawler in the forum Web Applications 10 years, 9 months ago
Let me know when it is ready for testing.
-
former33t replied to the topic New phishing attack emerges — Tabnabbing in the forum Malware 10 years, 9 months ago
That is pretty slick, but I don’t regularly log into a form just because it is there. The power of suggestion is strong, but not that strong (for me anyway).
There are a good number of users that will fall for that though. Thanks for the heads up.