n37sh@rk

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #53903
      n37sh@rk
      Participant

      Maybe find an application or company with a bug bounty and step through testing their application, showing each step and how you moved through. Obviously within the scope of the bug bounty program.

    • #53863
      n37sh@rk
      Participant

      Thanks a bunch! I actually have a contact that is working on the project; I didn’t know they were looking for more help. I will have to talk to them while I am at Derbycon. I will definitely be looking into the Security Tube; I heard the Python course is pretty good. Thanks for all of your advice.

    • #53861
      n37sh@rk
      Participant

      Dynamik, thanks for the advice. I am currently working on my BS in IT Security Emphasis. I am currently in a “consultant” position where I am doing Vulnerability Assessments and Awareness Training. When I am not doing that, it’s Help Desk/Sys Admin.

      As for programming knowledge, I have very little. I find it hard to learn programming without a specific project or goal. I have Python for Kids and Gray Hat Python that I am trying to get through. I am always trying to research and learn new things.

      I also would like to get involved in an open source project, but I’m not sure where to look. Any advice?

    • #53894
      n37sh@rk
      Participant

      Not a bad idea, I have heard a lot of people say start a blog! I will def add that to the growing list of things to do lol. I do work for a consultant as well and I think we are going to start something like your company does, with the seminars. Security is all about awareness and it seems like your company is headed in the right direction!

    • #53892
      n37sh@rk
      Participant

      Thanks for all of the info! I am going to at least try one class and then see how it goes. I’m not sure I will get the 4 people though; I live in such a small area that the cost might be prohibitive. Either way, I feel like I need to at least try and spread the knowledge of security.

    • #53889
      n37sh@rk
      Participant

      Thanks! I’ll check that out.

    • #53859
      n37sh@rk
      Participant

      Grendel,

      You have a very good point. I think that is something that I might have kind of been influenced, per se, by the talk of offense and defense.

      Thanks for your insight, it is always good to hear from people that have been around the industry longer than I have.

    • #53845
      n37sh@rk
      Participant

      Thanks for the link! That is the exact one I am following in making my index. I have talked to a lot of people and they have all said having a good organized index is the key to passing.

    • #53836
      n37sh@rk
      Participant

      Thanks for your help. I will let you know the outcome.

      Thanks.

    • #53834
      n37sh@rk
      Participant

      Correct, there is a baseline VM that we want to use. slmgr -rearm, from the research I have done, does not seem to work in XP; I would have to use the rundll32.exe syssetup,SetupOobeBnk. That is supposed to only let you do it 4 times as well. I like the idea of using a script to automate on boot up: just run the command and then delete itself so that it doesn’t run after every boot up. I was looking for more of a software package, but if I can get a script to work it might just be the solution.

      Thanks!

    • #53595
      n37sh@rk
      Participant

      No problem! If I’ve learned anything, it’s that sharing is caring 😀 lol

    • #53598
      n37sh@rk
      Participant

      I did, I got my C|EH and CPT. Saving up for OSCP and eCPPT now. Those are my hopes for next year.

    • #53593
      n37sh@rk
      Participant

      It was a physical style attack (use imagination) and it was easier to bypass a lot of things; already being employed gets you by a lot of security. So, hypothetical situation… you go to a conference as upper management and think nothing of it when companies like Dell are handing out free USB drives, then you plug it in. (Insert type of attack here.) I think you could probably imagine where it went from there, thus the freak out. Also, thanks for the heads up on terms of employment. I will keep that in mind if I ever get an actual pen-testing job and not IT/Support/Security lol

    • #53591
      n37sh@rk
      Participant

      Thanks UKSecurityGuy! I made my CEO freak out so bad she sent out an email within minutes stating that no random USB drives be plugged in, something I had been trying to get done for a while! Thank you Rubber Ducky 🙂 I do agree with the Rogue AP point that you made; I wouldn’t want to grab anyone’s personal info during the test. Thanks for the tips though! I love this job ;D

    • #53587
      n37sh@rk
      Participant

      This is going to sound funny, but the CEO gave me the go-ahead; as long as I don’t crash anything in production it really is a free for all. I suppose now that I say that out loud, I could find an unlocked computer and use a Rubber Ducky script to call back to my testing machine and get shell that way. I hadn’t heard of OpenVAS; I am going to scan with that and see what I get. I guess I was so caught up in trying to get remote shell using Metasploit I lost sight of everything else I could be trying! Thank you so much!

Copyright ©2021 Caendra, Inc.