-
hayabusa replied to the topic My father is hacking me?! in the forum Incident Response 10 years, 4 months ago
@former33t wrote:
To be able to hack
Reading comprehension ftw:
So the computer has RAS enabled so dad can help out when he’s not around… he doesn’t need to be an NSA cracker. He doesn’t even need to be able to hack his way out of a paper bag. He has access to the machine. Full disk encryption won’t fix that. It won’t even help.
If you…
-
caissyd replied to the topic webapp pricing in the forum Web Applications 10 years, 4 months ago
@dante: Thanks for pointing out unclear posts!
@former33t: I agree with you, but something we both forgot to mention is WHERE you work. Big cities may pay more than small ones, competition is different everywhere and countries also make a huge difference.
Oh and yes, I am incorporated… 😉
-
MaXe replied to the topic webapp pricing in the forum Web Applications 10 years, 4 months ago
@former33t wrote:
I do know what I get paid though so I would guess you aren’t getting out with any quality testing done for under $3k.
If the price was $3k, how much time would you expect to use on such a pentest then? I’m just wondering since I honestly don’t know the overall pricing either 😉
-
mallaigh replied to the topic How to pass HR screenings: load up on certs or go back to school? in the forum Career Central 10 years, 5 months ago
Thanks for the great responses former33t and Ketchup. I would say everyone has brought up valid points in helping me figure this out (and hopefully other readers).
@former33t wrote:
Bottom line, go get Security+ or CISSP (associate since you don’t have the experience) or anything else on the DoD 8570 matrix.
Sounds like a good idea. Like I sa…
-
ziggy_567 replied to the topic How to pass HR screenings: load up on certs or go back to school? in the forum Career Central 10 years, 5 months ago
It’s not just the feds that prefer 4-year degrees. I worked for an Engineering firm a few years back that basically put a glass ceiling on all non-degreed employees. A college grad could come in making more than a non-degreed employee with 10 years’ experience! It all goes back to, “It depends.”
-
hayabusa replied to the topic Privilege escalation in the forum Network Pen Testing 10 years, 6 months ago
@former33t wrote:
Last, remember that you don’t have to be root to get valuable information. If on a db server, I really want the db, mail server == mail…
sil and former33t went further for you on where I was leading. End point is, exactly as former33t put it in the quote above… Ultimately, at the end of the day, the point is showing wh…
-
MaXe replied to the topic Anyone did OSCE (CTP) ? in the forum OSCP – Offensive Security Certified Professional 10 years, 6 months ago
@dynamik: The syllabus gives an idea of what to expect: http://www.offensive-security.com/documentation/cracking-the-perimiter-syllabus.pdf and you should be able to complete http://fc4.me/ as well. You can try out the FC4.me challenge without registering.
The skills I think that are required to do the course only would be:
– Web Application…
-
Dark_Knight replied to the topic DefCon: What I liked and didn't like in the forum Other 10 years, 6 months ago
@former33t wrote:
I’ll add to the sentiment that there were too many people for the Riv. DEFCON either needs a new location next year or it needs to pre-sell tickets and limit numbers (like ShmooCon). Personally, I’m all for a new location.
So H1t M0nkey, I agreed with some of your picks and I didn’t get to see the last two. I wasn’t very im…
-
sandcrawler replied to the topic Anyone been to DEFCON? in the forum Other 10 years, 9 months ago
@former33t – Glad to help!
@Grendel – Glad to hear they’ve got the space issues taken care of and that socializing is going well into the early morning. I think that’s one aspect of 14 I missed was the “after party.” I remember the darts now that you mention it too. I was there mostly for the lockpicking at first but didn’t do nearly as well as…
-
BillV replied to the topic DoD Directive 8570 in the forum General Certification 10 years, 10 months ago
@former33t wrote:
I know some government employees that are looking for new positions because they can’t pass exams (or “don’t want to deal with the headache”). Better for all of us I say…
Yep, agree. I’m currently contracting and due to someone I work with (gov’t employee) not interested in passing exams, I might have a good shot at getting…
-
UNIX replied to the topic 1024-bit RSA encryption cracked by carefully starving CPU of electricity in the forum Malware 10 years, 11 months ago
@former33t wrote:
In the US, you are required to submit research on number theory to DoD for pre-publication review (the original intent was to give them a heads up on a prime factorization flaw to avoid breaking public key crypto).
Interesting, didn’t know that before. Looking forward to the full paper as well.
-
rattis replied to the topic Sad story about what happens when you don't hire a pro.. in the forum News from the Outside World 10 years, 11 months ago
@former33t wrote:
Even if they were with a hosting company (and I think they were) the hosting company is not liable for hackers on your website. Nothing comes cheap in computing (especially security). I had a client with a hosting site who didn’t update joomla (CMS) and got exploited.
Not trying to argue, but it depends on the hosting c…
-
BillV replied to the topic A cautionary tale for Penetration testers on live networks in the forum Network Pen Testing 10 years, 11 months ago
@former33t wrote:
Bill, I love the idea you shared about the outlandish ideas. I’ll be sure to use this both in consulting and at my normal job. My boss routinely ok’s things that I’m positive he doesn’t comprehend (and as a result doesn’t read). A reality check might force a positive change.
Yeah, absolutely. Not only gets them to ac…
-
hayabusa replied to the topic Why Doesn't Microsoft Look for Its Own Bugs? in the forum Malware 10 years, 11 months ago
@former33t wrote:
Some companies are content knowing that a professional would have to expend > X man weeks to exploit the platform the code is running on. That’s how lots of these get found.
Agreed. I know of a few software companies, whom I’ll allow to remain nameless, so I don’t get hung by my contacts for bringing them into the s…
-
rattis replied to the topic silly question: Where does it all go? in the forum Programming 10 years, 11 months ago
@former33t wrote:
That video sucks.
The networking instructor introduced herself and played the video to “get our feet wet in networking”.
(showing the video was a joke but I wasn’t laughing…).
I wouldn’t go that far. I think that’s right up the alley for my parents if they ever wanted to understand networking, or I forced them to understand…
-
j0rDy replied to the topic [Article]-Feb 2010 Free Giveaway Winners – Syngress Publishing in the forum News Items and General Discussion About EH-Net 10 years, 12 months ago
@former33t wrote:
Awesome. I couldn’t be happier. I’ll be sure to post book reviews as I get the books (and read them of course).
Thanks Don for a great site with great sponsors!
congrats! can’t wait to see the reviews!
@hayabusa: just wait until you receive the books, then the drooling will start for sure!
-
Gmoraes replied to the topic North Korean Cyber Attack? in the forum News from the Outside World 11 years, 7 months ago
@former33t wrote:
Well, China is always my favorite country to blame. Due to the lack of sophistication, I don’t think that the attack came from China.
That’s a stupid comment. Go read about China!
-
UNIX replied to the topic Suggestions for security projects wanted in the forum Network Pen Testing 11 years, 7 months ago
Your CTF project sounds interesting, good luck. I also like that you will offer something to play with also for the inexperienced users. 😉
I am not sure if you understood my initial posting correctly or if I misunderstood your last post. I am not looking for specific guides/ videos etc. for myself but thought about offering such things to others. I…
-
timmedin replied to the topic Log cleaning in the forum Tools 11 years, 7 months ago
@former33t wrote:
Yeah, that thought hadn’t escaped me, but you wouldn’t believe the number of INTERNET ACCESSIBLE boxes I find in pen tests that are only logging locally.
… Sad, but very true.
I did figure out if you send the correct kill signal you can pause lots of logging, clear out the stuff you want removed, and then restart…
-
Anonymous replied to the topic Cybersecurity Plan to Involve NSA, Telecoms in the forum News from the Outside World 11 years, 7 months ago