-
timmedin replied to the topic World's Greatest Hacker in the forum Other 9 years, 9 months ago
I find it funny that a university is having him come speak. In higher ed one of the most egregious sins is to plagiarize, and there is so much proof of him doing so (one example in his book is a rip of Chris Gate’s work and even has “cgates” in the text).
The guy is an absolute Charlatan. His felony fraud charges clearly prove it.
-
timmedin replied to the topic Dirty exploiting 101 in the forum Programming 9 years, 9 months ago
More context and description (probably audio) would make this a useful learning tool. Right now it just shows what happened, without explaining why it happened or why you want step X to happen.
-
timmedin replied to the topic Anyone read your InfoSec books on Kindle? in the forum Book Reviews 9 years, 9 months ago
I totally agree with everyone here. If you are just reading, then it works fine, but pictures, illustrations, and such are not displayed will on these devices. A tablet of some kinds works the best, but the battery life and back light are somewhat limiting.
Ironic, books on technology fail miserably when viewed on the latest technology.
-
timmedin replied to the topic Cutaway locks in the forum Physical Security 9 years, 9 months ago
@WCNA wrote:
Exactly. That was my point- feel. Get a cutaway where you can change the pins to make it “progressive”.
I got this one:
http://www.lockpickshop.com/EZPLX.htmlIt is great and I can swap out pins so I can teach someone with two pins, but change them out so I practice with 6 pins with 1 or 2 being spool pins.
-
timmedin replied to the topic Cutaway locks in the forum Physical Security 9 years, 10 months ago
The cutaways are super nice for explaining lock picking to people who don’t understand it. Once they can see what is going on inside the lock it the whole process makes more sense. Plus, newbies can see what they are doing when first starting out.
-
timmedin replied to the topic 64 bit Linux and hacking tools in the forum Network Pen Testing 9 years, 10 months ago
I use Ubuntu x64 and have no problems Pen Testing from it. If I did, I’d fire up a VM.
-
timmedin replied to the topic Some complex questions about ssl stripping and re-encrypting ssl traffic? in the forum Network Pen Testing 9 years, 10 months ago
It’s not just that, there is more too it. I you type http://www.paypal.com into your browser you will go to paypal and be redirected to https. SSLStrip will negotiate the secure traffic with the server, but then rewrite it so the user is never sent to the SSL site. No need to see any cert errors on the client side.
I don’t believe it is implemented yet,…[Read more]
-
timmedin replied to the topic NeXpose vulnerability scanner review in the forum Network Pen Testing 9 years, 11 months ago
Someone asked for my changes. Here they are, but they may invalidate support, cause other problems, kill puppies, or cause bad breath. Proceed at your own risk.
Edit /opt/rapid7/nexpose/nsc/nxpgsql/nxpdata/postgresql.conf
Line 61, change max_connections from 100 to 50Line 104, change shared_buffers from 32MB to 16MB
The combination of these…[Read more]
-
timmedin replied to the topic The inside story of the HBGary hack in the forum Ethical Hacktivism 9 years, 11 months ago
@digitalsecurity4u wrote:
Making yourself the poster child of how not to run a security company, nice.
I actually appreciate someone trying to take on Anonymous. Whether you support the cause that Anonymous stands for, what they are doing *is* illegal. And we supporting an “ends justify the means” approach is very dangerous.
If they ever recovery…
-
timmedin replied to the topic Help me passing GPEN in the forum GPEN – GIAC Certified Penetration Tester 9 years, 11 months ago
@kagyu wrote:
The test is cake if you took the SANS class. My suggestion would be to improve the index in each book to allow you to find things easier if you want to double-check before you answer the questions.
If you didn’t take the SANS class and are challenging the test, that may be more challenging.
I totally agree with kagyu. If you have…[Read more]
-
timmedin replied to the topic NeXpose vulnerability scanner review in the forum Network Pen Testing 9 years, 11 months ago
I use Nessus and NeXpose regularly. I really like NeXpose’s UI (Nessus’s sucks) and its web checks. The pretty export formats are nice, but the down and dirty csv and xml formats leave much to be desired.
NeXpose is also a memory pig! So buy some more ram. Support won’t even talk to you if you don’t have 4Gb available. After making a few tweaks…[Read more]
-
timmedin replied to the topic Python or Ruby. in the forum Programming 9 years, 11 months ago
Python, if for no other reason than Scapy.
-
timmedin replied to the topic Best Practices for Password Policy in the forum Other 9 years, 11 months ago
Microsoft did a great study on passwords, rotation, and complexity.
http://research.microsoft.com/apps/pubs/?id=74164In short, the more often a password was rotated, the less complexity users employed. My push has been to require much more complex passwords passphrases and rotate them yearly (not every 90 days).
As for service accounts and…[Read more]
-
timmedin replied to the topic The inside story of the HBGary hack in the forum Ethical Hacktivism 9 years, 11 months ago
There have a number of security companies pwned in the last few years. I’d be shocked if a number of the bigger companies wouldn’t also be pwnable, especially when you count the SE attacks. The SE attacks aren’t a pass/fail, its a question of what percentage of the people will fall for it.
-
timmedin replied to the topic BackTrack 5 in the forum Tools 9 years, 11 months ago
Those guys have been cranking out releases recently.
-
timmedin replied to the topic WPA Cracking in the forum Wireless 9 years, 11 months ago
Mr Razor is right. However, you could generate rainbow tables for common SSIDs, like linksys and such, but otherwise you can’t do much.
-
timmedin replied to the topic URGENT: Need advice in the forum Career Central 10 years, 12 months ago
SANS (sans.org) has a wide range of classes that are just related to pen testing. They have classes for managers, auditors, and coders too. In my experience the training has been top notch. I highly recommend them.
-
timmedin replied to the topic Daemon (2012) in the forum Mass Media 10 years, 12 months ago
A movie? Sweet! The book was great.
-
timmedin replied to the topic List of Webkit Vulerablilities in the forum Web Applications 10 years, 12 months ago
exploit-db.org is a great resource.
-
timmedin replied to the topic Vuln dated 1965 in the forum Network Pen Testing 10 years, 12 months ago
@oneeyedcarmen wrote:
The abacus was vulnerable to data corruption if it was shaken 😉
Classic! Someone should submit it to mitre.
- Load More