n37sh@rk

Maybe find an application or company with a bug bounty and step through testing their application showing each step and how you moved through. Obviously with in the scope of the bug bounty program.

Thanks a bunch! I actually have a contact that is working on the project I didn’t know they were looking for more help. I will have to talk to them while I am at Derbycon. I will definitely be looking into the Security Tube I heard the Python course is pretty good. Thanks for all of your advice.

Dynamik thanks for the advice. I am currently working on my BS in IT Security Emphasis. I am currently in a “consultant” position where I am doing Vulnerability Assessments and Awareness Training. When I am not doing that its Help Desk/Sys Admin.

As for programming knowledge I have a very little, I find it hard to learn programming with out a…[Read more]

Grendel,

You have a very good point, I think that is something that I might have kind of been influenced per say by the talk of offense and defense.

Thanks for your insight, it is always good to hear from people that have been around the industry longer than I have.

Thanks for the link! That is the exact one I am following in making my index. I have talked to a lot of people and they have all said having a good organized index is the key to passing.

Thank for your help. I will let you know the outcome.

thanks.

Correct there is a baseline VM that we want to use. slmgr -rearm from the research I have done dose not seem to work in XP I would have to use the rundll32.exe syssetup,SetupOobeBnk. That is supposed to only let you do it 4 times as well. I like the idea of using a script to automate on boot up just run the command and then delete it self so that…[Read more]

No Problem! If i’ve learned anything its that sharing is caring 😀 lol

I did I got my C|EH and CPT. Saving up for OSCP and eCCPT now. those are my hopes for next year.

It was a physical style attack(use imagination) and it was easier to bypass a-lot of things, already being employed gets you by a-lot of security. so hypothetical situation…. you go to a conference as upper management and think nothing of it when companies like dell are handing out free USB drives then you plug it in. (Insert type of attack…[Read more]

Thanks UKSecurityGuy ! I made my CEO freak out so bad she sent out an email with in minutes stating that no random USB drives be plugged in something I had been trying to get done for a while! Thank you Rubber Ducky 🙂 I do agree with the Rouge AP point that you made i wouldn’t want to grab anyone’s personal info during the test. Thanks for the…[Read more]

this is going to sound funny but the CEO gave me a the go ahead as long as I don’t crash anything in production it really is a free for all. I suppose now that I saw that out loud i could find an unlocked computer and use a rubber ducky script to call back to my testing machine and get shell that way. I hadn’t heard of Open VAS I am going to scan…[Read more]

There is anti-virus it is AVG. I have tried other exploits for the Veritas application and none of them work. Yes i am running metasploit other tool that you would recommend? Im really looking for other possible ways of finding vulnerable applications other than an nmap scan that shows the ports and what service version there is.

I attended as a first timer and found it amazing! The people were friendly no one was standoffish I actually just walked up to a purple people and started talking. Didn’t get a Jane to try the CTF but heard people talking about inane sounded awesome. Some of the talks I liked the best we’re the recon-ng framework by Tim Tomes, Active defense but…[Read more]

I’ll be attending. Any recomendations for a first timer?

Congrats!!

I look forward to hearing more about this I am in the process of trying to determine my next class. I am like you and don’t necessarily like or have a firm grasp of scripting or programming. I twill be interesting to hear how you feel with that skill set after the class.

Will do I have found this to be a great recourse in getting information and things going.

Thanks! That is a great start thank you for you help and pointing me in the right direction. I do agree though that a BAA is a very huge piece that needs to be in place before anything can happen on either side.

I have done some research and the only thing I have found was a NIST document relating to the HIPPA Security Rule. That details risk analysis from an internal stand point but I am not sure how it takes into account specifically a targeted attack from a contracted company. I know that legally there have to be a business associate agreement but…[Read more]