-
ElianaJones and jimbob are now friends 2 months, 3 weeks ago
-
jimbob replied to the topic Web site forensics in the forum Forensics 7 years, 11 months ago
Off the top of my head here’s a couple of things you need to look at for forensic exam post-compromise on a web server. No doubt there’s some repetition of what’s been said but here goes.
- Logs – check the access logs for the web server for attack strings, access to admin pages and anything else that looks anomalous e.g. access to backdoor…
-
jimbob replied to the topic QUESTION in the forum Tutorials 8 years, 1 month ago
Welcome to ethicalhacker.net. You’ll find a lot of like minded people here and a lot of answers to the same question you are asking. Start by searching the forums, you’ll find that most people suggest one or more of the following:
- Learn all you can about computers
- Learn to program
- Read, read, read.
There are a lot of good resources out there.…
-
jimbob replied to the topic Is this keylogger on your computer? in the forum Network Pen Testing 8 years, 1 month ago
That’s an interesting take on things. Yes, people do have a habit of storing interesting info like passwords in plaintext files. While they are not exactly keyloggers it’s basically a different means to the same end. Trawling home directories is a great way to start privilege escalation and jumping to other systems and services.
Regards,
Jim
-
jimbob replied to the topic Cost of the logs storage in the forum Other 8 years, 1 month ago
@tturner wrote:
There’s a big difference between collecting and alerting
Agreed. The big issue is what to expose via alerts, dashboards etc. and what to keep. If capacity is not an issue keep everything. By all means trim down on noisy alerts that add no value but let the value of this filter down. Frequently you don’t know what you need until…
-
jimbob replied to the topic Cost of the logs storage in the forum Other 8 years, 1 month ago
Hi,
I would approach this from a different angle. Storage is comparatively inexpensive so trying to justify reducing a retention period on this basis may be hard. It may be easy to counter your argument with space is cheap, we will keep everything forever. What is your reason for wanting to reduce the retention period? I assume you mean to get…
-
jimbob replied to the topic Find the Blackmailer in the forum Ethical Hacktivism 8 years, 1 month ago
There are good people in law enforcement who are capable of conducting an investigation of this sort. What’s more they have powers to gather ISP logs and other information with a warrant to discover the identity of the culprit.
This is a sad tale but taking upon yourself (or expecting it from another) to investigate this type of incident may be…
-
jimbob replied to the topic How long does it usually take for a book to be considered obsolete? in the forum Opinions 8 years, 1 month ago
@Matthias2012 wrote:
Do you know/remember what happens if you place .LOG(CR/LF) in the first line of a txt-file and open it with notepad.exe?
I’ve never come across that one before, nice.
Books date at different speeds depending on the technology and the quality of the writing. Some older books like The Art of UNIX Programming are well worth…
-
jimbob replied to the topic Prince William IT Security Issue! in the forum Other 8 years, 1 month ago
It never fails to amaze me how people still put passwords on sticky notes. I would expect the armed forces to know better.
Jim
-
jimbob replied to the topic privileges of law enforcement authorities in the forum Compliance, Regulations & Standards 8 years, 2 months ago
@artistic wrote:
The privileges of law enforcement authorities – are they over privileged or not and why? Can you please share your opinion and explain.
I think the powers given to law enforcement are massively disproportionate. Large motorcycles, advanced pistol weapons and the role of judge, jury and execution in one does not allow for proper…
-
jimbob replied to the topic SQL Injection Question in the forum Web Applications 8 years, 2 months ago
@digitalvampire wrote:
This is what they suggested as the correct statement:
SELECT * FROM admins WHERE user = '' OR 1=1 OR '1'='1' AND pass = ''
Why are the two true conditions in there.. not sure why that fixes it?
What they may have meant was something like this:
SELECT * FROM admins WHERE user = '' OR 1=1 AND pass = '' OR 1=1
The two…
-
jimbob replied to the topic reliable remote code execution for IIS on Server 2008? in the forum Network Pen Testing 8 years, 7 months ago
Don’t forget to think out a deeper solution. If you can get file upload on the server you can upload arbitrary binaries and ASP content to achieve this. Don’t think of pen testing as, “I have one exposed service, is there a remote exploit?” Can you find SQLi and execute code that way?
Regards,
Jimbob