  1. Lol, kind of looks like a reflection of someone standing in their undies in the mirror.
  2. We use a program called Horizon Patient Folder to scan our documents. It's put out by McKesson. It uses barcodes that tie in our EMR. It's expensive. And you'll find you're going to pay out the butt for something that is HIPAA compliant. If you make your own, you better be able to show how secure it is when the auditors come knocking.
  3. That's a good point. Disabling logins is good practice and moving to key authentication would be a good idea unless you needed the user / password login method.
  4. From a sysadmin point of view, I would block the subnet for a week on the firewall. This also might be a good time to make sure you're not allowing root logins over SSH.
  5. Raziel

    Media Server

    Google music is nice. And it works nicely through a web page. But there is a paid app you can use also. Only downside is you have to upload your music first. So it's not technically streaming from your home.
  6. DNS entries can be cached on a client. This is done to reduce traffic to the DNS servers. So even if you visit google.com 50 times in a day, your client only does one initial DNS resolution. You can flush the DNS cache on a Windows box by doing the following: ipconfig /flushdns
  7. Turn on ip forwarding? echo 1 > /proc/sys/net/ipv4/ip_forward
  8. Check out Karmetasploit. Basically just uses airbase-ng and Metasploit together. Super fun. Finding the karma.rc was hard for me, so if you can't find it... let me know and I'll post it here.
  9. What happens if you flush the DNS on the victim's machine after the attack is over? Does it still happen?
  10. That's a pretty old exploit. Are you sure your target machine is vulnerable to it? It would be extremely rare to see that vuln in the real world.
  11. I have a BS in computer science. Manage an environment of about 2500 computers. But it really depends on the complexity as stated. I also handle the VMware farm of about 250 servers. All the backups (VM level and file level) and all the patching. The enterprise tools that exist today make it so there isn't much difference in management time between 100 computers and 2000. It's the same number of clicks to push software / security patches. The time is consumed by supporting them physically (i.e. imaging new ones, swapping out a mouse, etc.), which as a sysadmin you don't do too much of. You have a team of people below you to handle that. All that being said, I personally make a little over 60k. That's in Utah.
  12. Hmm. Maybe build a phishing splash page asking them to log in again, and then set it up in startup folder. But I think the msf will be your best bet.
  13. Sorry, didn't see the episode. But airbase-ng is what I've been using lately.
