-
Jhaddix replied to the topic [Article]-Book Review: BackTrack 4: Assuring Security by Penetration Testing in the forum Book Reviews 9 years, 6 months ago
Wesley is awesome, and i respect his opinion =)
If you read carefully we actually have the same ideas about the book but draw different conclusions.
I see it as the only up to date reference atm, and being so cheap, for anyone who wants to get into pentesting or has no idea about backtrack, it is a great resource.
Comparing it to WAHH by…[Read more]
-
Jhaddix replied to the topic Security Career WITHOUT Becoming a Network Administrator? in the forum Career Central 9 years, 7 months ago
I know a few people out of college who did security work right away, but they were all-stars and were already focusing on hacking/pentesting while still attending university. Some were doing CCDC or Defcon CTF, others were doing projects on heuristic IDS or other security tool development.
If your major is directly related then it is more…[Read more]
-
Jhaddix replied to the topic Why I (Hate||Love) tools in the forum Tools 10 years, 4 months ago
Hey Sil,
I have a cheatsheet for command line scripts and workarounds that i use often. Most of them are from Ed Skoudis and other pentesters who trade ’em around. When you first show them to people they lol… and then they cry when they cant use nmap.
Ill host my cheatsheet up later this weekend. Good post.
Here’s one for Directory Bruteforcing i did.
-
Jhaddix replied to the topic Learn Security Online in the forum Security 10 years, 4 months ago
Sorry just let me clear up this post:
ElearnSecurity and LearnSecurityOnline are two COMPLETELY different trainings..
Elearn is in the middle of UPDATING their first revision of Penetration Testing Pro, which was awesome. The main guy to talk to there is Armando Romeo (armando@elearnsecurity.com)
LSO is in the middle of completely restructuring…[Read more]
-
Jhaddix replied to the topic Learn Security Online in the forum Security 10 years, 5 months ago
Hey BlueEyedSamurai,
I know the authors pretty well, they have some good stuff. Right now they are trying to restructure the course. You should email joe@learnsecurityonline.com and ask him what he’s got going on atm.
-
Jhaddix replied to the topic Privilege excalation in the forum Network Pen Testing 10 years, 5 months ago
Also if we’re talking network level shell (not webapp/php/etc) Metasploit has some built in privilege escalation exploits in the priv module (meterpreter) and after patch tues a few weeks ago more should be coming 😉
meterpreter > use priv
Loading extension priv…success.meterpreter > getsystem -h
Usage: getsystem
Attempt to elevate your p…[Read more] -
Jhaddix replied to the topic New OffSec Course: Metasploit Unleashed – Mastering the Framework in the forum Network Pen Testing 10 years, 5 months ago
Whats funny about this is that it seems to have happened out of need not want….Â
Rapid7 and HD Moore said “SANS New Class is the official Metasploit Training” so obviously people on twitter asked “what about Metasploit Unleashed?” and HD replied ” We will continue to link to it as long as it is updated”
And hey… look at that! Updates!
😉
-
Jhaddix replied to the topic Mobile Devices Penetration Testing in the forum Mobile 10 years, 5 months ago
There was a really good presentation at Bsides by one of the Intrepidis guys on this. He attacked the protocols, auth mechanisms, and other aspects using a variety of MiTM attacks… Ill see if i can dig it up.
Mallory is gonna be sweet for this.
-
Jhaddix replied to the topic HTTP header: PUT, DELETE, etc in the forum Web Applications 10 years, 5 months ago
DAVtest is a newer tool for testing extensive web server options,
http://code.google.com/p/davtest/
it has also been implemented as a Nmap script, check out the scripts directory for more information.
The default shell it will give you is limited, i replace it with the new meterpreter PHP payload. Or you can supplement with Ironfist’s AJAXShell…[Read more]
-
Jhaddix replied to the topic Best WebApp Pentest Course? in the forum Web Applications 10 years, 5 months ago
I know i’m resurrecting an old thread, but having taken all the courses that have been mentioned in this thread i can offer the following:
GWAPT has a great methodology, but it does lack in some of the technical areas. It covers the domains of app testing, the best and most current tools, intros to scripting languages, and lots of application…[Read more]
-
Jhaddix replied to the topic Security Tools Website in the forum Tools 10 years, 5 months ago
There are a few initiatives for this kind of documentation out there atm. One i like a lot is:
http://tools.securitytube.net/index.php?title=Main_Page
Which has syntax and videos for a lot of tools.
gl!
-
Jhaddix replied to the topic Who's going to DefCon? in the forum Other 10 years, 7 months ago
ill be there sunday-sunday, we should all grab some drinks!
-
Jhaddix replied to the topic How to Penetration Test WebServices (WSDL) in the forum Web Applications 10 years, 8 months ago
Also CG did an excellent writeup of XPATH injection right here on EH.net =) Gives some tool mentioned above:
-
Jhaddix replied to the topic How to Penetration Test WebServices (WSDL) in the forum Web Applications 10 years, 8 months ago
feed the wsdl to founstone’s WSDigger, then go to the top menu and chose to run tests, this will check for commonly known injection attacks.
Sec542 has a whole section on webservice hacking =)
-
Jhaddix replied to the topic Hakin9 Magazine (any subscribers here?) in the forum Other 10 years, 9 months ago
Ha! Check out the author for the Ferruh interview 😉
-
Jhaddix replied to the topic [Article]-March 2010 Free Giveaway Winners – Offensive Security in the forum News Items and General Discussion About EH-Net 10 years, 9 months ago
I expect writeups from all of you! Congrats! =)
-
Jhaddix replied to the topic Joomla Getting Hammered in the forum Web Applications 10 years, 9 months ago
I <3 JOOMLA (and Codeigniter)
gimme gimme
-
Jhaddix replied to the topic PDF exploited without vulnerability in the forum News from the Outside World 10 years, 10 months ago
Testing a /dev/tcp version atm that will send goodness over the wire in *nix =)
-
Jhaddix replied to the topic PDF exploited without vulnerability in the forum News from the Outside World 10 years, 10 months ago
So, metaphish uses this functionality only with javascript. I believe Dave Kennedy will be implementing into SET (the Social Engineering Toolkit) soon =)
So many ways to trick the user =(
-
Jhaddix replied to the topic Hacking music of choice in the forum Opinions 10 years, 10 months ago
I used to love Pandora untill i found Grooveshark 😉
- Load More