CLAM DOWN posted:
Seriously, show you want to do well at this job. There are so many labs out there for FREE (I recently saw a GitHub script that loads one of a hundred different testing labs. They are out there) to find out what you want to do. The worst candidate is one that just has a piece of paper in their hand and expects the world to throw them a fun job; being papered has the world throw audits at you. Web app, appsec, binary analysis, mobile, IoT (of course fully trustable because manufacturers said so), cloud. Look through some awesome exploits in the past couple of months and ask yourself which one made you go, "wait... Why would it work like that? I kind of want to know." Right now I am using padbuster to prove to the developers that their sessions can be fully decrypted using oracle padding. I am doing this because people knew I love this sort of poo poo and am willing to work to prove it because I find enjoyment in it.

EVIL Gibson fucked around with this message at 21:41 on Dec 19, 2017
Dec 19, 2017 21:39
|
what cert should I get? I have ceh and I don't like it because "certified ethical hacker" sounds really stupid.
|
Dec 19, 2017 21:49
|
NevergirlsOFFICIAL posted: what cert should I get? I have ceh and I don't like it because "certified ethical hacker" sounds really stupid.
|
Dec 19, 2017 21:58
|
NevergirlsOFFICIAL posted: what cert should I get? I have ceh and I don't like it because "certified ethical hacker" sounds really stupid.

What do you want to do?
|
Dec 19, 2017 22:00
|
NevergirlsOFFICIAL posted: what cert should I get? I have ceh and I don't like it because "certified ethical hacker" sounds really stupid.

oscp is at least fun
|
Dec 19, 2017 22:01
|
NevergirlsOFFICIAL posted: what cert should I get? I have ceh and I don't like it because "certified ethical hacker" sounds really stupid.

It used to be an awesome cert.

Trabisnikof posted: oscp is at least fun

Would not suggest going for oscp unless you can break a metasploitable lab without using metasploit, due to recent changes. You can now only use one metasploit module/shell for one of the boxes. Look up hackbox. It's like an oscp lab without paying anyone.
|
Dec 19, 2017 22:01
|
EVIL Gibson posted: It used to be an awesome cert.
|
Dec 19, 2017 22:04
|
EVIL Gibson posted: Look up hackbox. It's like an oscp lab without paying anyone.

https://www.hackthebox.eu New boxes are released every week of varying difficulties. It's a lot of fun.

e: Also, this isn't cert related but you should definitely be playing with the SANS Holiday Hack Challenge. https://holidayhackchallenge.com/2017/
|
Dec 19, 2017 22:05
|
EVIL Gibson posted: It used to be an awesome cert.

did they change it so you can't use venom and the standalone utilities?
|
Dec 19, 2017 22:07
|
EDIT: Saw a later post invalidating my response, apparently.
|
Dec 19, 2017 22:18
|
Trabisnikof posted: did they change it so you can't use venom and the standalone utilities?

You can only compromise a server with metasploit/meterpreter for one machine only. After that, it's all manual scripts. Plus they reduced the bonus points for the write-up from 10 to 5. I was told they are very good at keeping track of when you burn your single allowed metasploit/meterpreter use. (It sounds like they want you to set up the pipes yourself instead of not being able to do it without metasploit.) I think msfvenom is okay??
|
Dec 19, 2017 22:25
|
EVIL Gibson posted: Seriously, show you want to do well at this job.

I know there's a bunch of Canadian goons, and some of those are Alberta goons. Any recommendations for decent groups to join for someone in Edmonton? Virtual or IRL? What was fun is that on the Sec+ study guide pre-assessment exam I got 65% with no studying, but I really saw myself going "I know this is the answer, but I don't know why", which gave me a good batch of things to look towards learning.
|
Dec 19, 2017 22:49
|
EVIL Gibson posted: I think msfvenom is okay??
|
Dec 19, 2017 22:59
|
Avenging_Mikon posted: I know there's a bunch of Canadian goons, and some of those are Alberta goons. Any recommendations for decent groups to join for someone in Edmonton? Virtual or IRL?

I'm not sure about Edmonton, sorry, I'm not aware of an active group there atm. I know Calgary has a much more active/known community that puts on their own BSides, and works with the Vancouver infosec group a fair bit. Maybe that's a good shot for you? You can always hop on the vancitysec slack and whatnot too, there's no geographic restriction there and we'd be happy to have you, especially if there's no real local options for you. Check out https://fourthplanet.ca for events, and /slack for the slack invite.
|
Dec 19, 2017 23:04
|
Avenging_Mikon posted: Sweet. I'm really enjoying security stuff. Not "glamorous" stuff like pen testing or red teams, but setting up an environment that allows users to do what they need, no more, no less, while minimizing risk of data breaches. HIDS and NIDS and all that fun poo poo. It's something I'd like to get into as my focus. Just don't know what aspect yet. Really appeals to my nit-picky nature.

My Edmonton infosec group is me and one other guy. You are more than welcome to join our ranks. The Calgary group is way better for basically all the reasons CLAM stated.
|
Dec 20, 2017 21:47
|
ChubbyThePhat posted: My Edmonton infosec group is me and one other guy. You are more than welcome to join our ranks.

I will take you up on that offer. Hit me up with the details.
|
Dec 21, 2017 00:18
|
PM'd, friend.
|
Dec 21, 2017 00:42
|
The "metasploit on one machine" restriction is trivial and has no impact on the actual OSCP exam. You can use meterpreter as a revshell (but be careful about what modules you run). But really, you're going to be doing your escalation from the shell anyway - you don't need the other cool meterpreter stuff at all really.
|
Dec 21, 2017 01:33
|
don't pay for a sans cert with your own money ever... their quality varies greatly, anyway take that oscp and prove to employers you can grep exploitdb
|
Dec 22, 2017 10:11
|
Someone left a format disk command line in one of our servers, just needed an Enter to wipe out the main disk... the admin is calling everyone with access and accusing us of trying to prank him. Do intruders leave this kind of thing often? Should we be looking among us? I know some people don't like him, but I don't think my coworkers are that capable.
|
Dec 22, 2017 16:55
|
Wait.. What? Was the command line open in PXE or something? Did no one notice the server was down?
|
Dec 22, 2017 17:03
|
orange sky posted: Wait.. What? Was the command line open in PXE or something? Did no one notice the server was down?

This is a good question, because if it was an RDP session it would have been in his own account. Which means either he left himself logged in, or someone knows his password. I vote prank. And that he left himself logged in to a server. Because that's the least depressing scenario I can think of.
|
Dec 22, 2017 17:10
|
I'm sure it's a shared admin account or a physical console session.
|
Dec 22, 2017 17:15
|
RDP'd in with the console flag and then had a VNC listener sitting open would get you there.
|
Dec 22, 2017 17:17
|
I mean the only thing that's weird to me is you can't really format the OS disk through cmd in an RDP session
|
Dec 22, 2017 17:19
|
Shared admin account on a windows server 2012 r2... yes.
|
Dec 22, 2017 17:22
|
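The posts above circle around the real problem with a shared admin account: the account name tells you nothing about who was at the keyboard. What the Security log still gives you is the source of each logon. The following is an added example, not code from anyone in the thread: it parses a CSV export of Windows Security events (the 4624 event ID and the TargetUserName/LogonType/IpAddress/WorkstationName fields are the real ones; the rows themselves are constructed sample data, and the account name "svc-admin" is invented) and lists every session of the shared account with its logon type and source host, so the "who had the console open" question becomes a short list of workstations instead of a list of everyone with the password.

```python
"""Attribute a shared admin account's logons to their source hosts.

Added example, not from any poster in the thread. The event ID (4624) and the
column names (TargetUserName, LogonType, IpAddress, WorkstationName) are the
real Windows Security log ones; the event rows below are constructed sample
data standing in for an exported Security log.
"""
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed sample export. The shared account "svc-admin" (invented name)
# logs on from several places; the account alone says nothing, the source does.
SAMPLE_CSV = """TimeCreated,EventID,TargetUserName,LogonType,IpAddress,WorkstationName
2017-12-22T08:02:11,4624,svc-admin,10,10.0.5.21,WS-FINANCE-03
2017-12-22T09:15:40,4624,svc-admin,2,-,SRV-APP01
2017-12-22T10:31:05,4624,svc-admin,10,10.0.5.77,WS-IT-12
2017-12-22T11:02:19,4624,jdoe,10,10.0.5.30,WS-HR-01
2017-12-22T12:30:00,4634,svc-admin,10,,
2017-12-22T16:44:52,4624,svc-admin,10,10.0.5.21,WS-FINANCE-03
"""

# Logon type codes carried by the 4624 event (subset relevant here).
LOGON_TYPES = {
    "2": "Interactive (local console)",
    "3": "Network",
    "10": "RemoteInteractive (RDP)",
}


def parse_events(csv_text: str) -> List[Dict[str, str]]:
    """Parse a CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def sessions_for(account: str, events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return every successful logon (4624) of `account`, with source and type."""
    sessions = []
    for ev in events:
        if ev["EventID"] != "4624":
            continue  # logoffs (4634) and other events are not logon sources
        if ev["TargetUserName"].lower() != account.lower():
            continue
        ip = ev["IpAddress"]
        # Console logons carry no client address; the workstation field is then
        # the server itself, which is exactly the fact you want recorded.
        if ip in ("", "-"):
            source = f"console on {ev['WorkstationName']}"
        else:
            source = f"{ip} ({ev['WorkstationName']})"
        sessions.append({
            "time": ev["TimeCreated"],
            "logon_type": LOGON_TYPES.get(ev["LogonType"], f"type {ev['LogonType']}"),
            "source": source,
        })
    return sessions


def source_counts(account: str, events: List[Dict[str, str]]) -> Counter:
    """How often each source host used the account: the shortlist to ask about."""
    return Counter(s["source"] for s in sessions_for(account, events))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_CSV)
    for s in sessions_for("svc-admin", evs):
        print(f"{s['time']}  {s['logon_type']:<28} {s['source']}")
    print()
    for source, n in source_counts("svc-admin", evs).most_common():
        print(f"{n}x  {source}")
```

A local-console logon (type 2) with no client address is what a prompt left on the physical or VM console looks like; an RDP logon (type 10) gives you the client IP and workstation name, which is the lead the shared account itself cannot provide.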
Talas posted: Someone left a format disk command line in one of our servers, just needed an Enter to wipe out the main disk... the admin is calling everyone with access to accusing us of trying to prank him.

If the server in question is a VMware VM and the offending prompt was found on the VM's console then you can check the events for the VM to determine who launched the console. Of course this is assuming everyone has separate accounts to access your VMware environment. If that is not the case then buddy you've got much bigger problems.
|
Dec 22, 2017 17:27
|
Talas posted: Shared admin account on a windows server 2012 r2... yes.

Here's your opportunity to advocate against that terrible policy.
|
Dec 22, 2017 17:28
|
The Fool posted: Here's your opportunity to advocate against that terrible policy.

Please do this.
|
Dec 22, 2017 17:32
|
The Fool posted: Here's your opportunity to advocate against that terrible policy.
|
Dec 22, 2017 17:32
|
Read up on RBAC and principle of least privilege, then apply these concepts to your environment.
|
Dec 22, 2017 17:37
|
cheese-cube posted: Read up on RBAC and principle of least privilege, then apply these concepts to your environment.

I have a client with an instance of RBAC that has gone completely out of control. The base concepts are all still there but they really went a little too HAM on the whole idea. i.e.: They literally make a new group for every new permission they want to grant. Add somebody to the existing Accounting group? Well this guy isn't in Accounting, but every other Tuesday needs access to this one folder in the Accounting share, let's make a new role for this and add all of Accounting to it as well!
|
Dec 22, 2017 17:43
|
ChubbyThePhat posted: I have a client with an instance of RBAC that has gone completely out of control. The base concepts are all still there but they really went a little too HAM on the whole idea.

At the end of the day RBAC is only as good as your policy and your enforcement tool. If your policy is poorly defined then you'll end up with inefficient and/or inappropriate delegations. If your tool is poo poo then your ability to align configuration with policy and do the nuts-and-bolts of RBAC (approval workflows, privilege-to-role mapping, auditing, etc.) will be hampered. The specific scenario you mentioned can be handled with a tool which supports JIT delegation. Of course, this requires you to have a tool which isn't terrible.

Edit: I can't recommend any RBAC tools, however I can say that the CA offerings are absolute garbage so steer clear of them.
|
Dec 22, 2017 18:13
|
Talas posted: Shared admin account on a windows server 2012 r2... yes.

Don't share admin accounts
|
Dec 22, 2017 19:13
|
ChubbyThePhat posted: i.e.: They literally make a new group for every new permission they want to grant. Add somebody to the existing Accounting group? Well this guy isn't in Accounting, but every other Tuesday needs access to this one folder in the Accounting share, let's make a new role for this and add all of Accounting to it as well!
|
Dec 22, 2017 22:08
|
Except adding all of accounting to a group that doesn't give them any additional access for no reason.
|
Dec 22, 2017 22:40
|
That's more of an organisational issue than a technical one, but I like to see groups in the permissions list, not users.
|
Dec 22, 2017 23:07
|
I think it’s just the adding accounting to the new specialty group. Seems extraordinarily useless.
|
Dec 23, 2017 00:17
|
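The "add all of Accounting to the new specialty group as well" pattern discussed in the last few posts is easy to spot mechanically once you treat groups as sets of grants: a membership is pointless if removing it leaves the user's effective permissions unchanged. The script below is an added example, not code from anyone in the thread or from any RBAC product; the group names, users and permission strings are constructed to mirror that scenario, plus two extra cases a real audit hits (a user in a group that no longer exists anywhere, and a defined group nobody actually needs).

```python
"""Flag group memberships that grant nothing the user does not already have.

Added example, not from any poster in the thread. It models the "specialty
group for one outsider, then all of Accounting added to it too" situation on
constructed data; group names, users and permission strings are invented.
"""
from typing import Dict, List, Set, Tuple

# Constructed data. A permission is an opaque "<resource>:<right>" string.
GROUP_PERMS: Dict[str, Set[str]] = {
    "Accounting": {"acct-share:read", "acct-share:write", "acct-share/reports:read"},
    # Created for one person's every-other-Tuesday need; legitimate on its own.
    "Accounting-Reports-Readers": {"acct-share/reports:read"},
    "Staff": {"printer:print"},
    "Legacy-Scanner": {"scanner:use"},  # defined, but nobody is a member
}

USER_GROUPS: Dict[str, Set[str]] = {
    "alice": {"Accounting", "Accounting-Reports-Readers", "Staff"},  # added "as well"
    "carol": {"Accounting", "Accounting-Reports-Readers", "Staff"},  # added "as well"
    "bob": {"Accounting-Reports-Readers", "Staff"},  # the outsider the role was made for
    "dave": {"Staff"},
    "erin": {"Staff", "OldProjectX"},  # member of a group that is not defined anywhere
}


def effective_permissions(groups: Set[str], group_perms: Dict[str, Set[str]]) -> Set[str]:
    """Union of everything the given groups grant. Unknown groups grant nothing."""
    perms: Set[str] = set()
    for g in groups:
        perms |= group_perms.get(g, set())
    return perms


def redundant_memberships(user_groups: Dict[str, Set[str]],
                          group_perms: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """(user, group) pairs where dropping the membership leaves the user's
    effective permissions unchanged.

    Each pair is redundant on its own. If two groups grant the same thing,
    both memberships are flagged, but only one can be removed; remove one and
    re-run rather than acting on the whole list at once.
    """
    redundant = []
    for user, groups in user_groups.items():
        full = effective_permissions(groups, group_perms)
        for g in groups:
            if effective_permissions(groups - {g}, group_perms) == full:
                redundant.append((user, g))
    return sorted(redundant)


def idle_groups(user_groups: Dict[str, Set[str]],
                group_perms: Dict[str, Set[str]]) -> List[str]:
    """Defined groups that do no work: every member already gets the grants
    elsewhere, or the group has no members at all."""
    redundant = set(redundant_memberships(user_groups, group_perms))
    needed: Set[str] = set()
    for user, groups in user_groups.items():
        for g in groups:
            if g in group_perms and (user, g) not in redundant:
                needed.add(g)
    return sorted(set(group_perms) - needed)


if __name__ == "__main__":
    print("Redundant memberships (candidates for removal):")
    for user, group in redundant_memberships(USER_GROUPS, GROUP_PERMS):
        print(f"  {user:<6} in {group}")
    print("Groups doing no work:")
    for group in idle_groups(USER_GROUPS, GROUP_PERMS):
        print(f"  {group}")
```

On the sample data alice and carol are flagged in Accounting-Reports-Readers (they already read that folder through Accounting) while bob is not, which is the distinction the thread is making: the specialty group is fine, adding all of Accounting to it is the waste. Against a real directory you would feed the same two mappings from an export of group membership and share ACLs, keeping group-based grants only, as Orcs and Ostriches suggests.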
Orcs and Ostriches posted: That's more of an organisational issue than a technical one, but I like to see groups in the permissions list, not users.
|
Dec 23, 2017 07:06
|
|
ChubbyThePhat posted: My Edmonton infosec group is me and one other guy. You are more than welcome to join our ranks.

Yeah actually PM me too. I'm in an InfoSec job but I'm mostly just doing certs (like Certificate management, not learning) and making AD less of a suckhole. I should get into more learning and lab stuff.
|
Dec 24, 2017 06:33