Infiltrator

You can create a custom web-interface with HTML and CSS. For the part where you have to start and stop services, you could create two batch scripts, one for starting up the service and the other one for stopping service. My language of choice, would definitely be PHP. I can see that definitely working.

It all depends what area in IT you want to go to, as well as what experience you have at hand. I currently work for an IT company, doing 2sd level support and they require me to have at least Microsoft 7 and Windows 2008 server certification. I am currently in the process of studying for both, so I can take the exams later. I also plan on having a CCNA and Server/Active Directory administration certification in the future, very handy I want to get a promotion one day.

Yeah that would be outrageously cool but you could always post a link to a video as well.

In an attack like this, the attacker(s) must always have a clear picture in his head of what is inside and outside the box.

I've heard in other forums that testout seems a very good place to study for your certification. They have very comprehensive videos that will make learning fun and interesting and more enjoyable than any other. http://www.testout.com/

If you've been following the Stuxnet worm, you may have seen Ralph Langler's excellent analysis of the attack, published last week. Stuxnet is probably the most interesting piece of malware I've ever covered, and the more we learn about it, the more it seems to have been ripped from the pages of a spy novel. A targeted attack that used four zero-day attacks, compromised digital certificates, inside knowledge of a specific industrial computer installation, it was launched by someone or some group that apparently didn't really care if its target ever found out about the attack. I've been trying to get Ralph to give me an interview for several days now, but he's not ready to talk quite yet. In the interim, however, he did email me this blow-by-blow description of how he thinks Stuxnet was executed. To me, what he says seems completely credible. It's a very interesting description of an incredibly sophisticated operation. Did it work? Who was really behind it? We may never know the answer to those questions. Here's Ralph's write-up. The word Myrtus appears in one of the worm's drivers: The best way to approach Stuxnet is to think of it as part of an operation – operation myrtus. Operation myrtus can be broken down into three major stages: Preparation, infiltration, and execution. Stage 1, preparation: - Assemble team, consisting of multiple units (intel, covert ops, exploit writers, process engineers, control system engineers, product specialists, military liaison) - Assemble development & test lab, including process model - Do intel on target specifics, including identification of key people for initial infiltration - Steal digital certificates Stage 2, infiltration: - Initial infiltration using USB sticks, perhaps using contractor's comprised web presence - Weapon spreads locally via USB stick sharing, shared folders, printer spoolers - Contact to command & control servers for updates, and for evidence of compromise (important) - Update local peers by using embedded peer-to-peer networking - shut down CC servers Stage 3, execution: - Check controller configuration - Identify individual target controllers - Load rogue ladder logic - Hide rogue ladder logic from control system engineers - Check PROCESS condition - Activate attack sequence What this shows is that the 0day exploits were only of temporary use during the infiltration stage. Quite a luxury for such sophisticated exploits! After the weapon was in place, the main attack is executed on the controllers. At that point, where the rogue ladder logic is executed, it’s all solid, reliable engineering – attack engineering. Source: http://blogs.csoonline.com/1260/how_to_pla...look_at_stuxnet

That's a very nice theory Digip I might try that on my Xbox at home to see what kind of results I get.

That's why there is already NTLM V2

I am pretty certain the credentials will be encrypted. Secondly, decrypting the credentials will be a challenging task, since you will need to know what encryption type/method was used to encrypt your credentials in the first place. On a side note, your credentials would most likely be stored somewhere else besides the Xbox itself, unless you set it to remember, but even if the Xbox remembers your credentials it would definitely be encrypted, which would be back to square one. Anyway, just some of my thoughts.

IDG News Service - Hackers might crack or steal your password, but can they type like you? Japan's NTT Communications has developed a computer security system that analyzes the way a computer user types, and then checks it against a profile of authorized users to detect if the person at the keyboard is an imposter. The system, called Key Touch Pass, records the speed at which a user is typing, the length of time they typically hold down each key and the errors they normally make. Every few hundred characters it checks this against a profile of the user that is supposedly logged in to the computer. If the two differ by more than a predetermined threshold, the system concludes the computer's user isn't who it should be. NTT Communications anticipates the system could have uses beyond security and has already conducted trials with e-learning networks. Distance learning systems rely on the honesty of users, especially when taking online tests. The company is also eyeing potential use in the online banking field. During a demonstration of the system, which works in both Japanese and English, it was able to detect an imposter after several lines of text had been typed. The threshold in the system was set around 50%, which the company suggested was suitable for detection in e-learning applications. Other systems, such as online banking, could be set at a more rigorous level. A user's typing speed and style naturally changes depending on their physical condition, so some degree of leniency is desirable in the system. For example, an alert user at the start of the day might type differently from when they are tired at the end of the day. Source: http://www.computerworld.com/s/article/919...?taxonomyId=142

That's completely acceptable that can happen to anyone.

Not a problem, but that link really helped me understand the differences between RSA and DSA, it even led me to consider PKI in the future.

Umm so Twitter code does not force the cookie to expire, that's very bad.

No I have not done a real world test, but have done researches on it and also from reading other users comments that have done the same test as you did, they all suggested the same results as you.

Uhhhhh..... Thank you Sir but I have been to the page before. Anyway will still read it.

I don't know if this will make any improvements, but have you tried pointing the antenna at the direction of the access point, and does it increase the signal strength at all. Edit: I found this article interesting, it may help you identify the root of your cause http://www.binarywolf.com/249/signal_strength.htm

The only reason I see to use Fire-Sheppard is to jam Fire-sheep filters temporarily. That is not the optimum solution to prevent fire-sheep attacks, but it will help minimize its attacks. The author claims that Fire-sheppard is not a 100% solution but can give you a piece of mind in hostile environments.

I have some knowledge of Information Security and I am very good with all areas of networking and servers.

Anyway, I decided to use RSA to encrypt my files. I am also using 2048 bits to encrypt my key. Thank you. Regards, Infiltrator

Hi all, I am facing a bit of a dilemma and hoped someone could shed me some lights. I want to encrypt some files using OpenGPG and right now I am in the process of selecting a KEY but don't know which one should I choose from RSA or DSA. Can anyone suggest which one is the most secure one? Performance isn't really the concern here. Thank you very much Regards, Infiltrator

I upgraded my desktop computer HDD from a 7200 rpm to a 10000 rpm raptor. And I was very disappointed to find out that Windows 7 rated the HDD 5.9 instead of 6 or 6.5, everything else was 7.9. Can you believe that.

Hi, After watching this video, I realized how many people fall for this attack. And also how successful this attack can be, no matter how secure and protected your system is. http://www.securitytube.net/Client-Side-At...ting-video.aspx Regards, Infiltrator

Skullsecurity has tons of password lists, you might want to check their site as well http://www.skullsecurity.org/wiki/index.php/Passwords

Ohh yeahh, just use WPA2 and have a complex passphrase and you will be secure as hell. No one would be able to crack that pass-phrase if its complex enough.

If you don't mind me asking, did you do any training at all? Also what books did you buy? I am also thinking in getting CEH certified. Cheers Dude!