Coalminer22's Achievements



  1. Just saw the first episode of Mr. Robot. I liked it a great deal, but was surprised to see a mainstream series that had this type of realistic portrayal of the hacker world, which I haven't felt since watching the original Hackers movie. Maybe I'm just getting old, but I can't decide if I'm in culture shock or having flashbacks from watching this... Has today's culture changed more than I think it has in light of all the data breaches and constant news? Will we see more shows where digital samurai are the norm, a paradigm shift similar to the Revenge of the Nerds movies if you will, or is this show to be one of a kind? I'm interested to see how it evolves and if this will die quickly or is only the start, based on public interest. So do you guys love or hate it?
  2. I just got 10 of these bundles and ran into a similar issue. Tested the Standard A and Micro B with an Android phone and they allowed power to the phone while blocking data (S4 in test). Repeated the process with an iPhone 4 (the intended use for all of these) and the Standard A dongle, but now the iPhone will not charge from it. So, a little surprised by this, and not owning an iPhone personally, a little puzzled. Maybe this is an iOS 7 "feature" or an issue with power negotiation? I went on to test this with the Lightning adapter after getting an iPhone 5 to test this with. The Lightning adapter clearly has a Micro B female on the other end. So I connected it and it charges, which seems great till a moment later the computer offers to open up a folder on the phone... So the Lightning is just an adapter and not a data blocker by itself. So I try the Lightning adapter with both the Micro B and then the Standard A dongles and have the original results where the phone refuses to charge. Not owning an iPhone personally, I feel a bit like a noob in a blender here and could use some help. Is there an iPhone setting that could be changed to tell it to allow the charging? [Kinda like an Android phone has a setting to allow 3rd-party apps to be used and tested on it]
  3. If you are looking to build your skills, I would go so far as to suggest you start with the basics of hardening a system first. Then follow that up with learning to measure the effectiveness of that single control.

     Example:
       • lock the ports down on a computer
       • measure your efforts with a couple of different port scanners

     Keep going through the ABCs of system hardening from a defense point of view. Learn to implement a security item, then learn how to verify it. Comprehensive security from a defense point of view is hard. You need to do everything, all the time, and do it well, while attacks can focus on a single crack.

     From a money point of view, I wouldn't pay for someone to come in and blow up my network (I already have stacks of reports and have more projects than time, as well as access to tools like Metasploit). What I would see a large company paying for is someone that can come in and make recommendations on how to fix (or prioritize) the issues they find after the pentest. I could be wrong on this, maybe people are just doing it to check a PCI compliance box or because they need help selling the need for security, but if that is the case I'd imagine they are looking for the lowest bid to come in, and isn't the point to make big money? :D

     Also, don't underestimate the value of communication skills - you need to discuss the scope of the attack thoroughly and present your findings afterwards. My current employer perked up during the interview when the topic of me presenting a large design project I had worked on came up. I think it helped me stand out from the 80 other candidates they had.

     I do get chances to test items on a larger system, but when I do it is normally after weeks of discussion and reflection on the possible risk, systems that could be affected, the possibility of outside software doing something undocumented or having a malicious program, and if everyone is safe with me testing it or if the test needs to be done by another member of the team. Plus it helps that I have worked to build trust. B)

     The future of security and pentesting is going to move more into the testing of applications, web apps in particular. A recent issue by LinuxFormat, "the hackers manual 2014", has on page 67 an article about setting up a WordPress VM that is vulnerable, then attacking it and learning to patch it. Also, I would pay attention to the mention of OWASP! We actively review and teach their items with our developers. (Side note: most of the issue isn't stuff a pentester would care about, but the section on web hacking alone is worth the cost IMHO.)

     Alright, enough rambling for now.
  4. The safe length of a password keeps growing, and we are considering possibly increasing the length by one every year till probably infinity as computers keep getting more powerful at cracking passwords. If users can't remember passwords they will form bad habits like writing them down... Long term this seems like a losing strategy - I can't be the only one thinking this, so what are other people doing?

     First rule of Security: It has to be usable or security won't be used.
     Second rule of Security: there are no rules.. lol

     So anyways, back on topic: personally I like the idea of moving straight to a 24-character password today, with an added login option for two-factor where the user only needs a token of some type and a short PIN. What are others using, and what works? (What doesn't work?)

     Target: Citrix Desktops, Laptops, and iPhone

     Thoughts:
       • Leverage existing proximity cards
       • Fingerprint scanners
       • Iris scanners ($$)
       • Smart card readers
       • RSA - currently we have RSA in limited use, but it seems unproductive to wait for a token then enter it in; a faster and easier user experience would be more ideal
       • Price - cheaper solutions are obviously easier to sell, but usability and security are more important
  5. I was thinking more like a basketball hoop net, or kids soccer net, but rent me a helicopter and we will talk!
  6. I kind of like the net idea for the pick up. You could attach it to the center, then stretch it out to the sides with a little Velcro so you have a wider net to snag the hook, and once you get it the Velcro rips off, leaving the weight on the center.
  7. Thanks for sharing, love seeing what topics pop up at these conferences
  8. You can whitelist block UUIDs, depending on if you have the time to maintain a list or range of lists for all your devices. The UUID can be changed, but it is a guessing game and much more unlikely.
  9. If the weight and battery length of the pineapple are an issue for the battery length of the drone, why not attach a hook to the pineapple for pick up and make it so you can drop it off? Also, if the drone has GPS, is it possible to use coordinates from Google Earth to go to a roof and back without a camera?
  10. Here are the MD5s if anyone is squinting at the photo:

      katana-v3.0-beta-1.zip  0752763067e5c1eba3707c5356ccd567
      katana-v3.0-beta-2.zip  ebc0c0279a0b4095f28dfd4121cebf40
      README.txt              9a28941d0845481338876d83880cd356
  11. Ha, well, more of upgrade goals, and most of them would be in expansion slots so they could be done in stages ;)
  12. So I was watching some of the old vids and got intrigued with the idea of a Squid web cache. Long story short, I was thinking how far I could really upgrade an old computer to make it a powerful router: anti-virus on it, maybe a couple of 10GE NIC cards, 802.11ac Wi-Fi, an SSD to keep Squid snappy. And I'm wondering, when they say the specs don't matter, is that true, and is there a point when they do? I'm sure running A/V inspection and adding other apps has to add up? Are there any bus concerns at 1 Gb/s or 10 Gb/s networks for the NIC cards?

      And if that wasn't enough to ponder, then it hit me when I remembered I had two brand new Cisco rsv4000 routers in the closet waiting for some action. I'm still thinking a Squid web cache will be of great use, but I have to wonder, when everyone says an old computer will make a stronger router, is this always true because of the extra power, or is there a point when routers become better than a router OS? Any input or feedback would be greatly appreciated.
  13. I was wondering if it would be possible to log GPS data while using a screaming pineapple or some type of Wi-Fi device, possibly an outdated Android cell phone? Would logging Wi-Fi be possible on a remote device so we could use it to collect and create Wi-Fi maps and scan an area for rogue Wi-Fi networks, or would the speed of the screaming pineapple be too quick to get usable GPS information logged with the Wi-Fi data? Why WarWalk/Drive when you can Fly?