-
n37sh@rk replied to the topic Asking the community for help in the forum Network Pen Testing 6 years, 5 months ago
Maybe find an application or company with a bug bounty and step through testing their application showing each step and how you moved through. Obviously with in the scope of the bug bounty program.
-
n37sh@rk replied to the topic Career Advice in the forum Other 6 years, 5 months ago
Thanks a bunch! I actually have a contact that is working on the project I didn’t know they were looking for more help. I will have to talk to them while I am at Derbycon. I will definitely be looking into the Security Tube I heard the Python course is pretty good. Thanks for all of your advice.
-
n37sh@rk replied to the topic Career Advice in the forum Other 6 years, 5 months ago
Dynamik thanks for the advice. I am currently working on my BS in IT Security Emphasis. I am currently in a “consultant” position where I am doing Vulnerability Assessments and Awareness Training. When I am not doing that its Help Desk/Sys Admin.
As for programming knowledge I have a very little, I find it hard to learn programming with out a…[Read more]
-
n37sh@rk replied to the topic Career Advice in the forum Other 6 years, 6 months ago
Grendel,
You have a very good point, I think that is something that I might have kind of been influenced per say by the talk of offense and defense.
Thanks for your insight, it is always good to hear from people that have been around the industry longer than I have.
-
n37sh@rk replied to the topic CASP VS GSEC in the forum General Certification 6 years, 7 months ago
Thanks for the link! That is the exact one I am following in making my index. I have talked to a lot of people and they have all said having a good organized index is the key to passing.
-
n37sh@rk replied to the topic Duplicate Vulnerable VM's that have 30 day windows trial. in the forum Other 6 years, 8 months ago
Thank for your help. I will let you know the outcome.
thanks.
-
n37sh@rk replied to the topic Duplicate Vulnerable VM's that have 30 day windows trial. in the forum Other 6 years, 8 months ago
Correct there is a baseline VM that we want to use. slmgr -rearm from the research I have done dose not seem to work in XP I would have to use the rundll32.exe syssetup,SetupOobeBnk. That is supposed to only let you do it 4 times as well. I like the idea of using a script to automate on boot up just run the command and then delete it self so that…[Read more]
-
n37sh@rk replied to the topic Pent test question in the forum Other 7 years, 4 months ago
No Problem! If i’ve learned anything its that sharing is caring 😀 lol
-
n37sh@rk replied to the topic Certification plans for 2014? in the forum General Certification 7 years, 4 months ago
I did I got my C|EH and CPT. Saving up for OSCP and eCCPT now. those are my hopes for next year.
-
n37sh@rk replied to the topic Pent test question in the forum Other 7 years, 4 months ago
It was a physical style attack(use imagination) and it was easier to bypass a-lot of things, already being employed gets you by a-lot of security. so hypothetical situation…. you go to a conference as upper management and think nothing of it when companies like dell are handing out free USB drives then you plug it in. (Insert type of attack…[Read more]
-
n37sh@rk replied to the topic Pent test question in the forum Other 7 years, 4 months ago
Thanks UKSecurityGuy ! I made my CEO freak out so bad she sent out an email with in minutes stating that no random USB drives be plugged in something I had been trying to get done for a while! Thank you Rubber Ducky 🙂 I do agree with the Rouge AP point that you made i wouldn’t want to grab anyone’s personal info during the test. Thanks for the…[Read more]
-
n37sh@rk replied to the topic Pent test question in the forum Other 7 years, 4 months ago
this is going to sound funny but the CEO gave me a the go ahead as long as I don’t crash anything in production it really is a free for all. I suppose now that I saw that out loud i could find an unlocked computer and use a rubber ducky script to call back to my testing machine and get shell that way. I hadn’t heard of Open VAS I am going to scan…[Read more]
-
n37sh@rk replied to the topic Pent test question in the forum Other 7 years, 4 months ago
There is anti-virus it is AVG. I have tried other exploits for the Veritas application and none of them work. Yes i am running metasploit other tool that you would recommend? Im really looking for other possible ways of finding vulnerable applications other than an nmap scan that shows the ports and what service version there is.
-
n37sh@rk replied to the topic DerbyCon 3.0 in the forum Calendar Of Events 7 years, 5 months ago
I attended as a first timer and found it amazing! The people were friendly no one was standoffish I actually just walked up to a purple people and started talking. Didn’t get a Jane to try the CTF but heard people talking about inane sounded awesome. Some of the talks I liked the best we’re the recon-ng framework by Tim Tomes, Active defense but…[Read more]
-
n37sh@rk replied to the topic DerbyCon 3.0 in the forum Calendar Of Events 7 years, 5 months ago
I’ll be attending. Any recomendations for a first timer?
-
n37sh@rk replied to the topic Passed the GWAPT in the forum Security 7 years, 5 months ago
Congrats!!
-
n37sh@rk replied to the topic Elearnsecurity Student in the forum Network Pen Testing 7 years, 6 months ago
I look forward to hearing more about this I am in the process of trying to determine my next class. I am like you and don’t necessarily like or have a firm grasp of scripting or programming. I twill be interesting to hear how you feel with that skill set after the class.
-
n37sh@rk replied to the topic HIPPA Regulations for Pen Testing in the forum Other 7 years, 6 months ago
Will do I have found this to be a great recourse in getting information and things going.
-
n37sh@rk replied to the topic HIPPA Regulations for Pen Testing in the forum Other 7 years, 6 months ago
Thanks! That is a great start thank you for you help and pointing me in the right direction. I do agree though that a BAA is a very huge piece that needs to be in place before anything can happen on either side.
-
n37sh@rk replied to the topic HIPPA Regulations for Pen Testing in the forum Other 7 years, 6 months ago
I have done some research and the only thing I have found was a NIST document relating to the HIPPA Security Rule. That details risk analysis from an internal stand point but I am not sure how it takes into account specifically a targeted attack from a contracted company. I know that legally there have to be a business associate agreement but…[Read more]
- Load More