Demux
-
Posts
3 -
Joined
-
Last visited
Everything posted by Demux
-
RT @davidfrum: A great way to show respect for the flag is to refuse offers of clandestine election assistance from hostile foreign espiona…
-
RT @DisTrumpia: Lindsey Graham says if this repeal of the ACA fails, we'll end up with Universal Healthcare. Retweet if you're good with…
-
RT @perrymetzger: The pinnacle of popular reporting on computer security has been achieved. https://t.co/IhRD3igsRr
-
RT @VictorDuruy: #Irma Ce que fait un vent à 250km/h (vidéo de Saint Martin?) https://t.co/7k3NYOYZge
-
RT @webmink: For those unaware, Oracle laid off ~ all Solaris tech staff yesterday in a classic silent EOL of the product. https://t.co/ibs…
-
RT @r3dey3: @Viss @hexwaxwing @hacktifish @rqu45 Max file size of 25MB... can host .exe and ELFs no problem though.
-
@dteare Just an FYI, you mentioned that Argon2 didn't work in a javascript env today at #BSidesLV, it is supported https://t.co/AN4D589lvJ
-
RT @FiloSottile: BlueCoat now has a CA signed by Symantec https://t.co/8OXmtpT6eX Here's how to untrust it https://t.co/NDlbqKqqld https:/…
-
@NoahsBgls been getting a lot of bagels like this delivered recently from your Pleasanton store... https://t.co/39dPObRajM
-
What digininja said, but use a hidden OS and a decoy OS, so if you are coerced into decrypting the volume, you can decrypt the decoy volume. When you want to wipe the drive, just delete the MBR and all the data become unrecoverable. There have been a couple of demonstrated hacks for this type of protection, but they require the attacker to have administrator level access on the unencrypted drive, by which point your already hosed anyway (http://www.stoned-vienna.com/downloads/TrueCrypt%20Foundation%20Mail%2018.%20Juli%202009.tif).
-
For SSDs, I would recommend just using full 'disk' encryption (SSDs aren't disk shaped, lol) with truecrypt with pre-boot auth. That way the data is irrecoverable while the machine is off and/or the drive is unmounted. For my regular disks, I use CCleaner and the following shutdown script instead of the shutdown menu item: :: This script kills all browser processes by image name and runs :: CCleaner, then shuts the computer down TASKKILL /IM chrome.exe /IM firefox.exe /IM iexplore.exe "C:\Program Files\CCleaner\CCleaner.exe" /AUTO /SHUTDOWN [/CODE] Note that this script must be run with admin privileges in order to kill the processes. Also, you may need to modify it for your install location of CCleaner. Make sure to configure CCleaner to do '1 pass wipe' for secure deletion. Any more than that has been shown to be excessive (http://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/).
-
Like others have said, there are a lot of tools out there for learning and practicing exploiting web app vulns. Mutilidae is great and it comes bundled along with DVWA and a number of other vulnerable services in Metasploitable 2 (http://sourceforge.net/projects/metasploitable/files/Metasploitable2/) which is put out by Rapid7. There are also a number of great security CTF competitions, such as Stripe CTF that can really help hone your skills. I would also echo Digininja's comment that you should do manual testing as much as possible if you really want to learn how it works. Good luck! (Also, sorry for waking a slightly stale thread.)
