Stevie

Posts posted by Stevie

  1. For more technical policies, you may wish to consider:

    • Windows SteadyState, or a relevant alternative, will protect against backdoor attacks like StickyKeys, Magnifier, UtilMan.
    • Screensavers set to 1 minute that they need to reauthenticate to carry on.
    • Wired Ethernet access to the network should be controlled via a proxy server, so if a rogue device is plugged in, they won't have internet or intranet access.
    • The intranet is usually the most vulnerable node. The internet will have proxies, firewalls and various other monitors that will protect against the vast majority of attacks. Consider the intranet and the extranet as extensions of the internet and protect them thusly.
    • Whilst group policies will protect a vast range of attacks, individual policies should be included as well. Too many times I've seen an AD with purely group policies employed. It can take a while in this case to lock down individual users.
    • Much like defensive programming, assume all data is unsafe and corrupt. Assume all third party sources are attacks and assume all users are vulnerable.

    Other generic advice:

    • Don't bombard your staff or restrict them too greatly as this will lead to them resenting the restrictions and finding ways around them.
    • Personal devices should be logged with IT staff and whitelisted on the MAC table before they are connected to the network. This includes charging mobile phones from USB ports.

    More drastic advice:

    • THIS IS NOT RECOMMENDED: The fastest way to effectively lock down a Windows PC is to infect it with malware then cut its connection to the network. You can actually use this technique to vaccinate computers by placing malware on the network with no harmful payload. This will restrict access to the registry, stop the task manager, command prompt, and various other restrictions without doing anything actually harmful to the computer. White Hat "malware" is available which helps reinforce Group Policies on a per machine basis. Software such as Windows SteadyState will re-image the computer and wipe the malware as soon as it is rebooted.

    And this is the problem. Some policies, although they sound fine and good, aren't workable. Like the 1 minute screen saver madness. We tried this, which I've never agreed with, and it's unworkable. People do sit and read at times on their screen, or compare figures on screen to print outs. The screen saver kicking in every 1 min was driving people nuts and just isn't productive. Same with draconian group policies which even prevent us, the IT staff, from fixing a problem in 5 mins, having to spend 20 mins instead, fighting with group policy.

    I don't have a ducky to test, but I wonder if Lumension would work to block this. It's what we use to restrict access to USB ports. You can plug a USB stick in, but it won't let you write to it because Lumension requires it be encrypted first with the Lumension encryption.
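The "log personal devices with IT and whitelist them on the MAC table before they are connected" policy in the quoted advice above comes down to a lookup that can be automated. The following is an added example, not code from the forum post or from any product mentioned in it: it normalises MAC addresses written in the three common notations, parses `arp -a` style output, skips broadcast and multicast entries (the I/G bit of the first octet), and reports any host whose MAC is not on the registered list. The whitelist and the ARP table are constructed sample data.

```python
"""
Added example (not from the forum post): flag hosts seen in an ARP table
whose MAC address was never registered with IT.
All input below is constructed sample data.
"""
import re


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff and
    return the canonical lower-case colon form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


# Constructed whitelist: what IT would record when a device is registered.
# Mixed notations on purpose, to show that normalisation handles them.
REGISTERED = {
    "00:1a:2b:3c:4d:5e": "stevie-laptop (IT)",
    "AA-BB-CC-DD-EE-01": "reception-pc",
    "aabb.ccdd.ee02": "print-server",
}

# Constructed output in the layout Windows `arp -a` prints.
SAMPLE_ARP = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-01     dynamic
  192.168.1.20          00-1a-2b-3c-4d-5e     dynamic
  192.168.1.21          aa-bb-cc-dd-ee-02     dynamic
  192.168.1.99          de-ad-be-ef-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ARP_LINE = re.compile(r"\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(\w+)")


def parse_arp(text: str):
    """Return (ip, canonical_mac, type) tuples; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m.group(1), normalize_mac(m.group(2)), m.group(3)))
    return entries


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of octet 1) set;
    they are not hosts and must not be reported as rogue devices."""
    return int(mac[:2], 16) & 1 == 1


def find_unregistered(arp_text: str, registered: dict):
    """List (ip, mac) pairs present on the network but absent from the
    registered-device table."""
    allowed = {normalize_mac(m): name for m, name in registered.items()}
    unknown = []
    for ip, mac, _typ in parse_arp(arp_text):
        if is_group_address(mac):
            continue
        if mac not in allowed:
            unknown.append((ip, mac))
    return unknown


if __name__ == "__main__":
    for ip, mac in find_unregistered(SAMPLE_ARP, REGISTERED):
        print(f"unregistered device: {ip} ({mac})")
```

This only reports; it does not enforce anything. A switch with port security or 802.1X would refuse the unregistered port outright, and a MAC address can be cloned by anyone who has seen a registered one, so treat a whitelist like this as an inventory check that complements the device-registration process rather than as an access control on its own.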

  2. The problem I'm having is that although IT is my life, I enjoy my work and it's also my hobby and I've never got bored of it, so where's the problem? Gaming. I'm also a bit of a gamer and my motivation or discipline is shit. I have Vivek's WIFI book that he released, in the hope of learning at least the basics of one area, but I've never forced myself to sit and go through it all. I always end up on a game instead of studying more. I have another powerful PC which is my lab machine with ESXi etc on it. I set it up then end up on a game again so neglect it for months. Need to sort that out if I want to learn more and progress.

  3. If they take it home and do it, that may be considered illegal wire tapping in some places, since you breached a system not your own, and made it do something without permission of the end user. I'd get advice from someone like the EFF before doing a "call home" type thing. If all you did was display a message, like, "You inserted an unknown USB Device from 'insert work name here' and this is a warning to all employees to think before you act" type thing, then I think that would be probably ok and not an issue, but the dialing home, etc, type stuff, might be breaking some laws depending on where you live.

    That's where it's annoying as I'd consider it "Tough tits. You found the stick in the office car park. Instead of handing it in at reception you decided to take it home, maybe hoping for a free memory stick. But no, you've been infected instead, but again, tough tits for not being honest."

    :)

  4. What about that guy recently that reported an exploit and got told "It's not a bug". Then he got onto Zimmerman's page to prove it. They then admitted it was a bug but they now won't pay him because of that & are trying to back track claiming he never gave them enough info. Yet they appeared to have enough info to claim to him "It's not a bug".

  5. Some good points and interesting to hear from the Pen Testing side. I may be vague here in case someone I know reads these. I have been lucky in my current role as the engineers I work with are all nice and helpful, which is rare. I can't stand IT Engineers who hold information and aren't helpful. Anyone new, I try to help as much as I can. My old manager also drummed into us in my old company about "single points of failure". So I try to document everything & the fixes I come across. So if I'm not in or have left, someone else can fix the issue. We did have an engineer who was an arsehole but knew quite a lot in my past company. Once you worked out how to play him, he was easier to deal with, but I was really surprised he wasn't given the boot because he'd even be rude to the customers. But then senior management there were arseholes (I can think of a stronger word but can't say that here).

    I feel one of the issues we currently have is our IT management panics when the pen test reports come in. They actually respect them, and so they should. But I've explained that I've always been led to believe they are suggestions & it's up to the company to decide if the fixes should be applied or not. If the suggested restrictions are too much, are currently unworkable and will hamper support, then they can wait and be changed later. I would like to be more open here, but for fear of people reading this, can't. It would explain why we have issues. But some of the suggestions we feel they bring up aren't as severe as they claim. We have some good people that know what they are doing & they've even said some of the issues don't make sense. One of the issues they claimed was severe was our WIFI SSID name. For staff and clearly named so. They've said this will make it a bigger target and needs to be changed. 3 of us gave the argument, in private, why this was a non-issue. We've changed it to conform but I explained what's the point. If I use Airmon-ng, you'd sit there and monitor the WIFI in the area and see what you can see. Anything with an obscure name will look interesting. You'll monitor this obscure name, see loads of devices connecting and disconnecting and know it's a business, so target it. Another point was that, if it was me, I'd just check every one I see in the area; again, the one with the most devices popping off and on, I'd assume was a business so again, target it. So I don't see how the SSID name is such an issue and changing it to something obscure won't stop an attack on it.

    It's good to see the point from the pen testing side though. The IT team midnitesnake came across, though, seem like arseholes and I'd never like to work for a team like that.

  6. These are just random thoughts, I'm just making a discussion from what I've watched and seen. I know this is in all walks of life and not everyone is like this. But I've watched a few "cons" and am beginning to feel more and more there either appears to be, or I'm just not understanding their personality, a lot of arrogance in the pen testing community. I admire their work, the holes they find I find interesting, the way they get around security, but some just seem to come across as arrogant. As an IT Engineer and not in the same league, maybe I feel inferior so maybe, wrongly, see it as arrogance, that they are looking down on me. I've always been interested in security, but this is what puts me off attempting to get into the field.

    Where did this come from? The recent Pen Test done on our company. I'm not involved but some of the finds in the reports just seem a little off to me. But that's another story. I was watching one of the old "cons" recently, Defcon 19, with the panel and Jericho was on it. He seemed to come across really hostile and arrogant. I could be totally wrong, he's probably a decent guy, but I totally don't agree with his comment 14 mins in to the talk. That when you work 40-80 hours a week banging your head against a wall but being paid for it. Pen testing for 15 years, going back every 6 months to re-test and nothing's changed, companies still not patching holes they've been warned about. Maybe it's time they were bent over and fisted. You'll need to watch the video for the full quote. But I just feel. You're a pen tester, you're hired to come into a company like ours and test and give us a report. Nothing more. Pen testers aren't the law or police. It's then up to that company to decide if it wants to act on those holes. Yes, they'd be stupid not to, but it's the company's decision at the end of the day. It's not the right of the pen tester to feel he/she then has the right to "fist" the company after, because they gave them plenty of warning.

    The whole talk just felt uncomfortable to me.

    The other speakers I've enjoyed though are Dan Kaminsky and Zoz's talk at DefCon 18 when he had his Apple stolen :) (the Apple being stolen wasn't funny, how he got it back was) and also Jason Scott's talk "You're stealing it wrong"

    This is why I'm crap at explaining what I'm thinking, because these talks show the industry isn't full of arrogance and so does Hak5, hence all those years ago when I found Hak5, I've ended up still here.

    I'll get my coat.

  7. NewSID was retired a while ago because SID issues were deemed a myth, so you can't download it anymore (although I've just realised you haven't actually said to use it). Mark has a good blog on the subject:

    http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

    Having said that, NewSID still seemingly appeared to fix some issues we had at my old place. It's still available to download at my site if you wish:

    http://stevenwhiting.com/blog/?p=316

    According to Mark having two SIDs on the network is fine and won't cause an issue and AD won't reject them.

  8. This is all on a test lab so the VMs aren't up all the time. Just for when I'm messing, then they get turned off later. This is my lab setup at home so nothing on the AD of interest. The problem with all the suggestions is my lack of knowledge of Linux, hence I wanted the drag and drop options. Got it working in Kali Linux but can't find the HASH crack tool that the guy used in the vid. Will keep looking.

  9. So just found pen testers had done hash dumps of our AD at work and got some accounts. Wondered how it was done so looked around and think I found a video that explains it.

    Anyway. So booted up my test domain VM and copied the SAM, Security etc files. As VMWare Tools is already on the AD box, it was easy dragging and dropping these to my main Windows 7 machine that runs all my VMWare VMs. VMWare Tools being on the virtual machine allows me to drag from the VM straight to the physical Windows 7 machine. Getting it into the virtual BackTrack 5 is the pain.

    I think I've managed, with the help of videos, to install VMWare Tools into BackTrack, but are they running? I don't know, as I'm new to Linux & I still don't believe it's user friendly, so I have problems working out what is going on.

    So now I need to get the folder on my Windows 7 desktop to the VMware Backtrack 5 VM. But can't do the drag and drop that I can with my Windows VMs that all have VMware tools installed and running fine.

    Any help would be appreciated thanks.

  10. I have used Camtasia to record Time Team off 4OD. Breaks their licence agreement, granted, but it's for personal use and they won't release each series and each episode on DVD because, I assume, they believe there is no market for it. If that's the case, then sorry, the only option for me is to pirate as I can't afford to stream it all the time (limited bandwidth). It does require me to watch the show at the same time though and I then can't use the PC.

    It's the only other way, if the above doesn't work (I like digip's suggestions) I can think of, but then you'd have to buy Camtasia as well.

  11. I believe the BBC encrypt most of their streams. The only way I can see is capturing it with screen capture software that also captures the sound. But you'd have to listen to the show to capture it. Probably breaks their licence agreement though. I know they have a load of podcasts freely downloadable (the Friday Night Comedy on Radio 4 is always good) but this doesn't appear to be on there.

  12. The Fujitsu is now out the window. Now looking at

    Lenovo Thinkpad W530

    Lenovo have been used on the ISS for years so must be reliable :)

    The Fujitsu went out the window after reading the review on notebookchat. I like the way they have the images of the laptops open so you can see how easy they are to repair etc.

    The Lenovo appears to be more a workstation power house laptop, which is what I want. But still looking.

  13. noip.com does look like it will sort out the dynamic IP issue. That's the problem with your IP changing all the time, you're on a dynamic IP setup with your ISP. With some ISPs you can pay a bit extra and get static IPs.

    Only other way I can think of to stop programs being closed etc is having a locked down setup using local group policies. I don't believe gpedit is included in Windows 7 home though (if that's the version you use).

    I use LogMeIn over TeamViewer. I've only used TeamViewer on the odd occasion at work with customers. As it's easier to talk them through setting it up to allow me to connect than setting up LogMeIn. LogMeIn works from a locked RDP screen as well (although sometimes on first boot the service will fail to start until you've logged in).

  14. Thanks. I'll keep looking as well but still got my eye on the one I mentioned. I have a small, 12" Core Duo HP running Windows 7, but it runs like a dog now. Does my nut in, hence I wanted to go for power. When I was stuck in a hotel for 3 nights due to Windows 7 training, it was a pain in the arse attempting to run VMs on it in the evening for practice. Ended up giving up and just watching movies on it and a lot of Columbo. Can never go wrong with episodes of Columbo :)

  15. Looking to get a laptop for personal use to complement my decent lab PC. The lab PC runs ESXi with a few VMs. It's a decent powerful PC but I'd also like a powerful laptop to go with it. The laptop will be mainly used to connect to the ESXi, so some might believe it doesn't need to be powerful. However, I also want to run VMs on it at times when not on the lab machines, hence the laptop needs to be somewhat powerful as well.

    I've looked at this one so far

    Fujitsu Lifebook N532 Laptop

    Can get it for a little over £1k from ebuyer and has a 1.5TB HDD. I'd like to put 16GB in it at some point and finding a review somewhere it showed it was pretty easy to repair this laptop if it ever fails. So another plus point.

    Anyone got any other suggestions?

    I don't do Apple :)

  16. Sorry for the delay in reply. As always it stopped again & hasn't happened since. However, I also decided the lab PC that was on with the domain wasn't ever used for what I was intending. I was going to maintain the domain and roll out software using it etc. But got bored, so it just stayed on all day doing nothing. It is an ESXi setup so does have other VMs on it that I was using. However, they aren't important. I've now got a new lab PC that is more powerful and only switched on when I'm attempting to learn some stuff or need to set up VMs for testing stuff relating to work. The old one I've now decommissioned and I've removed my PC from the domain and turned the PC off. Since leaving the domain and turning the PC off, I haven't had the issue.

    But again, it's so random it could suddenly appear again. So although at the moment it might point to it being the domain that was the issue, I don't think it ever was due to the various tests I did (as above) with VMs not on the domain yet still suddenly doing it.

    It does point to it possibly being a Firefox issue as the whole issue appeared to be coming to an end, but when it was doing it in all browsers, it would also do it on clean VMs. VMs that had just been built to test the idea. They were never put on the domain and went straight out to the Internet via the router, but still they started to redirect after a min. However, those VMs were being run in VMWare Workstation from my PC. The same PC that also had the redirect issue & I've read of late that it is possible for a local PC to be infected with crap & then that infection spread to VMs running on the main host (however, I highly doubt that was the issue with the VMs doing the redirect also).

    So the current state is, the DC has been decommissioned and the PC it was on is off. The Draytek router has been replaced with a slightly newer Draytek. The lab PC for testing shit has been replaced with a more powerful one & all seems clean on it. The netgear unmanaged switch has been replaced for a cheap managed Zyxel 24 port one.

    After all that, currently the redirect has stopped.

    I have noticed a laptop that is on the network that I don't own (owned by another member of the household) was infected with crap at some point. I was attempting to install some software on it that refused to install because it didn't have permissions to the user's temp folder. After trying to fix it for an hour I realised loads of the folder permissions are all a mess & I believe it was from some past infection. I'll have to clean and reload that as well; it's just possible it may have been creating the redirects or, if it was an infection, the infection came from there.

    All in all it's been an odd redirect issue with no clear signs that (other than that laptop, which I don't think really is the issue) any of the machines are infected with anything.

  17. @Digip : I have my own domain setup at home for testing but instead of it being in a lab I put it on the main network so I could start rolling out software updates and software to PCs on the network. And being an IT Tech it was helping me learn. But I haven't really managed it properly; the DC does do updates whenever they are available and will reboot during the night if it's done any updates. I did have a replication server setup but have recently decommissioned that, but it made no difference.

    @Pwnd2Pwnr : ISP is Xilo.net they are a reseller I believe and are using BE on my line (used to be using Cable & Wireless via Xilo but had speed issues and Xilo said C&W were slow at fixing anything and had old kit in the exchange, so I asked for the move to BE). They've said they can't see anything their end.

    The odd thing is when it happens, if I fire up IE, it doesn't do it. If I also disable the NIC and do the same search in Firefox, instead of attempting to go to hugedomains, it does attempt to go to Google instead.

    One thing I've noticed in the Process Monitor trace I took is when it tries to connect to that address, just before the connection or just after, I see an active.adobe.com connection. Don't know if it's related or not. I'll try and get an image of what I'm talking about up.

    It's really odd.
