Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Tahnka

  1. I got my sec+ as a free addon to my mcse exams. It was a very basic test; basic as in stuff like "should you password protect accounts?". Sec+ might be useful to someone that only has a couple of years of experience: useful on your resume. For me after getting both mcse and sec+ I'm embarassed to even say that I have them to anyone technical. It helps when speaking with human resources or some manager that delegates instead of learning how to use a computer. But to another I.T. guy I'll only admit I have the certs if they drag it out of me. I didn't bother with the tests until I had 13 years of experience under my belt and by that time the tests were no-brainers. If someone told me they had SANS certs then that would pique my interest. But if a sysadmin attempts to prove his value to me by telling me has MCSE, MSP, A+ or Sec+, he'll definitly leave a negative impression.
  2. Thanks for the code. Here's a way to get security group info from active directory that only requires a domain user account. 1) Install Powershell (free) [http://www.microsoft.com/windowsserver2003/technologies/management/powershell/download.mspx] 2) Install PowerQuest's ActiveRoles Plugin (free) [http://www.quest.com/powershell/activeroles-server.aspx] 3) Restart 4) Launch Powershell 5) Load the ActiveRoles Plugin by executing "Add-PSSnapin Quest.ActiveRoles.ADManagement" (I just do this in my powershell profile) 6) Execute this command to see all security groups (including domain admins) in Active Directory as well as who their members are: "Get-QADGroup -GroupType Security | format-list -property ParentContainer, SamAccountName, GroupType, GroupScope, AllMembers" 6a) Or for even more of a fire hose do this "Get-QADGroup -GroupType Security | format-list -property *"
  3. http://stoned-bootkit.blogspot.com/2009/07...ck-working.html "From the technical point I am not hooking, patching or modifying TrueCrypt. But I am using double-forwards to intercept the encrypted and decrypted interrupt 13h disk I/O commands. It is like: Windows request -> modified by Stoned Bootkit -> TrueCrypt Encryption -> (double forward here) -> Interrupt 13h" http://peterkleissner.com/?p=11 "I suggested them solutions, offered them my help, however they are ignoring the security issue, so I will make my TrueCrypt attack open source. The software I have developed is able to bypass the full volume encryption of TrueCrypt when booting the computer. And they could easily prevent the attack from a running Windows – but they do not." http://www.h-online.com/security/Bootkit-b...n--/news/113884 "At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption."
  • Create New...