Kev

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 412 total)
  • #28449
     Kev 
    Participant

    That’s why it’s better to learn Linux and develop your own “attack OS”, rather than having to wait around (sometimes for years) for someone to fix something. Developing a chosen distro with all your favorite tools is not difficult to do and the reward will be significant.

  • #30391
     Kev 
    Participant

    Thought I would throw my sorry 2 cents in on this topic as someone that has been pen testing for longer than I care to admit. Having a degree is good but not absolutely critical. However, it will definitely open doors faster for you, that is if you don’t have any contacts or rep. Having a good reputation because you know your stuff and a few friends can catapult you into the industry faster than you can say “buffer overflow”, regardless of diplomas or certs. But hey, you might just learn something if you go to college, hopefully more than the 3 French words I remember years later, lol! You might want to get a 4 year degree in computer science, but your masters in business. This will give you a lot of flexibility and still make you a prime candidate for a security firm. Flexibility is a key to survival in life and a great mental attribute to have for hacking. What if you find you hate doing pen testing for a living? For most of us it requires a lot of travel and I have seen a number of marriages end due to this. Traveling 30 or more times a year seems cool when you’re young but believe me it gets old fast. Good god, every hotel room is the same! What really sucks is you don’t have any time to sightsee! I have been to every major city and I could not really tell you much about them.

    Working with the military can be a good career and it can mean being hired by the DOD if you are a civilian, just make sure you can get a security clearance. In other words, if you go to college, drink responsibly! If you ever get any kind of arrest you will find it very hard to get a security clearance. Well, unless you run for president or congress, lol! Anyway, I have one acquaintance that has a dream job working for the DOD but has to live in Germany pen testing military bases throughout Europe.

  • #29054
     Kev 
    Participant

    There are a lot of good sites that guide you on tweaking 7 for speed and I have had some good results following their suggestions. I actually found it very fast and much improved. It’s a good OS for general home entertainment use.

  • #30870
     Kev 
    Participant

    I have used Core a lot to test vulnerabilities if I am attacking the network internally. It does a great job and is an asset to a pentester’s tool box. However, if I am attacking from the “outside” I find it’s way too noisy. I hate getting shut down or alerting anyone of my attack early on, although sometimes I am amazed how asleep at the wheel some folks can be!

    I still follow the concept of attacking a network the way a hacker would. Most black hats that I have been aware of don’t have access to tools like Core and use simpler and stealthier techniques. That’s been my experience.

  • #30860
     Kev 
    Participant

    Sorry but you are not going to be able to accomplish what you are trying to do unless you can exploit the target system. If it’s not vulnerable to an exploit you are SOL. It’s ironic that home systems with fewer services running on them connected with a basic wireless router can “sometimes” be harder targets to exploit than overworked large corporate servers running too many outdated applications.

  • #28317
     Kev 
    Participant

    If this is a legitimate pentest, then it’s all about the rules of engagement that you should have clearly defined and agreed upon in advance. This kind of technical consideration has nothing to do with ethics. It’s not “cheating” and if the IDS is vulnerable then it’s vulnerable and needs to be exposed as such, either by you being allowed to attack it or at least by identifying the vulnerability in a well detailed report.

    Most will not want you to take down a server if it disrupts the network, so that’s why we usually have to be careful when we are doing any kind of exploit. If it’s just running IDS and you feel taking it down won’t be disruptive and such an attack is defined in writing, then by all means. Btw, just having it written out is not enough. You need to sit down with the powers that be and go over each point to make sure they clearly know what you might do and the possible problems that might occur. It really doesn’t help you much after the fact to show the fine print in your agreement to the CEO, who never understood it anyway, explaining your action if you accidentally knocked out the corporate network.

  • #28300
     Kev 
    Participant

    Welcome aboard. If you have a Secret Security clearance you are in great shape!

  • #28286
     Kev 
    Participant

    As far as the onboard wireless available on laptops, I wouldn’t be too concerned. If you are going to just hack your home router then that’s fine, and those laptops that use the Atheros chip are usually fine for injecting. Later when you do professional work you will more than likely find you need a good external antenna. The reason being is hackers don’t attack wireless sitting in the main lobby of a business, unless it’s a mall or airport or something similar. In my experience hackers sit some distance from the building and attempt to make their breach. You will find onboard wireless is usually not strong enough to inject from a distance that allows you to be stealthy. I am not saying there aren’t people that are once in a while lucky injecting and cracking their neighbor’s wireless with their onboard wireless, but that is way too “iffy” to be considered professional in my opinion. You might argue that vulnerability is vulnerability regardless of whether I attempt to make the breach sitting in the office of the CEO or the lobby of the company or way out at the end of the parking lot, but I would have to disagree. For instance, I have had a few occasions where I was able to inject and access the wireless while inside the building but the moment I was outside I found it impossible. This could have been due to the kind of paint and metal construction of the building. This particular building had extremely good physical security so it was extremely doubtful anyone unauthorized could get in. Workers there already had access so they had no need to crack it, and any terminated employee is escorted from the premises. How one might write this report might be an interesting topic for another thread. Yes, it was vulnerable technically, but was it really? In my opinion a first class wireless attack has to include a breach attempt from inside and outside the perimeter with a reasonably powerful external antenna.

    Again, don’t get too hung up with what’s onboard unless you are just thinking about experimenting with your home network, but eventually I would recommend attacking it from outside your house so you can see the limitation of onboard wireless.

    Also, if anyone reading this is new to the subject and wants to get started but is looking at cheap or second hand laptops, be a little careful. Linux has come a long way but you still will find it doesn’t always support every chipset. I would recommend you burn a copy of Ubuntu or Backtrack and try to boot it first to make sure. Boot it all the way to the GUI with startx. You will save yourself from some headaches.

  • #28276
     Kev 
    Participant

    I have been using an Acer 5610z for some time now and it dual boots Windows and Linux perfectly.  Its 15” screen is great for my bad eyes and it’s what I use when I have access to AC. If I am cracking wireless, I use a smaller version with just a 10” screen and a slower 5200 rpm hard drive. When I am auditing wireless I tend to be very mobile so good battery life is important.  Make sure you get at least 1 gig of memory and a decent size hard drive, say 250 gigs or more.  Intel seems to have the edge with CPUs at this time and the more onboard CPU cache the better.

    If you want to get the cold shoulder at the next Defcon, I would suggest walking around with a Dell and handing out your AOL email address. It’s interesting to see how many people there walk around with nice looking small black ThinkPads. ThinkPads are good but you have to be careful about not holding it by the screen or you can cause it to crack. One thing I can say about Dell is they seem rugged. I have dropped them and they still seem to keep ticking, but I might have been one of the few fortunate. However, if you want the image of choice for the leet and if you care about such things, then go with the ThinkPad. It always makes me smile when I see nerds trying to impress other nerds, LOL.

  • #28252
     Kev 
    Participant

    All the best !  ;D

  • #26932
     Kev 
    Participant

    Sorry Termight but he promised to be my mentor first!  I like that name termight or termite.  A termite has an amazing way to tunnel in and own a house or wood.  Wood being a vulnerable place, block being a little more secure.  Very good.

  • #28243
     Kev 
    Participant

    In my experience, the most you can hope is for a major corporation to view security as a necessary evil. No matter how you sell it, they see it as an expense against their bottom line.

  • #28232
     Kev 
    Participant

    Not sure why someone following you from one forum to another would bother you. If that person is harassing you with posts, explain the situation to the site admin and he should be happy to ban them.

  • #28246
     Kev 
    Participant

    Nice hack! Yeah, if I run into you at the next Defcon I will buy you a beer, lol.

  • #28204
     Kev 
    Participant

    As Ketchup mentioned, you really need to get your hands on the browser and preferably the source code, though having the source code isn’t always critical. Depending on the size of the program, we can sometimes produce some exploits just by fuzzing.  Going to an exploit site and just blindly blasting them at a program that was privately written is more than likely going to fail. In theory you could get lucky depending on how much code might have been “borrowed”, but the odds are very much against it. 
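
The fuzzing the post refers to, as an added example that is not part of the original post and is not code from any program discussed in the thread: a small mutation-based fuzzer in Python. `parse_message` is a constructed stand-in for a closed-source parser, and its bug (trusting the length field and reading past the end of the message) is invented for the example; the seed messages are constructed too. The harness treats `ValueError` as the program gracefully rejecting input and anything else as a crash, and keeps the first input that produced each crash signature, which is what you would then hand to a debugger.

```python
"""Mutation fuzzer against a constructed black-box target (added example)."""
import random
from typing import Callable, Dict, List

MAGIC = 0x7E  # assumed framing byte for the constructed message format


def build_message(payload: bytes) -> bytes:
    """Build a well-formed message: magic, length byte, payload, XOR checksum."""
    checksum = 0
    for b in payload:
        checksum ^= b
    return bytes([MAGIC, len(payload)]) + payload + bytes([checksum])


def parse_message(data: bytes) -> bytes:
    """Constructed stand-in for the program under test (hypothetical bug).

    Malformed input is rejected with ValueError, but the length field is
    trusted: when it claims more payload than is present, the checksum read
    lands past the end of the buffer and raises IndexError, the Python
    analogue of an out-of-bounds read in native code.
    """
    if len(data) < 3:
        raise ValueError("truncated header")
    if data[0] != MAGIC:
        raise ValueError("bad magic")
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]  # bug: no check that the buffer is long enough
    actual = 0
    for b in payload:
        actual ^= b
    if actual != checksum:
        raise ValueError("bad checksum")
    return payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation: bit flip, byte overwrite, boundary value,
    byte deletion (shrinks fields) or byte insertion (grows them)."""
    buf = bytearray(data)
    strategy = rng.randrange(5)
    if strategy == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif strategy == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif strategy == 2 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif strategy == 3 and len(buf) > 1:
        del buf[rng.randrange(len(buf))]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int = 2000, seed: int = 1,
         expected=(ValueError,)) -> Dict[str, bytes]:
    """Mutate seeds and run the target; return {crash signature: first input}.

    Exceptions listed in `expected` are the program saying "no" politely and
    are ignored; any other exception is bucketed by type and message so the
    same underlying bug is reported once.
    """
    rng = random.Random(seed)  # fixed seed so a run is reproducible
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except expected:
            continue
        except Exception as exc:  # noqa: BLE001 - a fuzzer wants everything
            crashes.setdefault(f"{type(exc).__name__}: {exc}", case)
    return crashes


if __name__ == "__main__":
    corpus = [build_message(b"hello"), build_message(b""), build_message(b"\x00" * 16)]
    for signature, case in fuzz(parse_message, corpus).items():
        print(signature, case.hex())
```

Swapping `parse_message` for a subprocess call to the real binary, and `IndexError` for a non-zero exit or a signal, turns this into the black-box setup the post describes; the point to notice is that the fuzzer found the length-field bug without ever reading the parser's source.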


Copyright ©2019 Caendra, Inc.
