digininja

Yes you can know them. Access a few Debian boxes and checkout the file contents, you should then be able to make a fairly good prediction of the contents of the file.

If you can fingerprint the distro to one of the Debian varients, check /etc/debian_version or something like that, there are only a small number of possible values for that file. /etc/shells is probably also fairly fixed.

Go on, send me a PM and I'll have a look.

Best idea, get someone in who knows what they are doing. If you are having to ask on a forum about how to conduct a pen test, especially one that has anything to do with ebanking, then you really shouldn't be doing it. I know this sounds harsh and everyone has to learn, but this is not the environment to learn in, you mess up here and you could leave the company open to attack despite your report saying they are secure. I'd find someone who knows what they are doing, get them to do the job, and shadow them to learn from them. Do this a few times and then start to take a more active role with the second person watching what you are doing. It will take a while but you'll get to the point where you can do a test that will give the client what they actually need.

It is one of the reasons I recommend people have a go at dropping Windows and going native with Linux for at least a few months. If you can get used to using it on a daily basis then it makes your life a lot easier in the long run. And before people shout about Windows or OSX being a better desktop experience, I'm not saying switch permanently, just long enough to get comfortable with it and then make your mind up if you want to go back.

Please don't hijack other people's threads start your own.

So what you mean is you have seen problems with running Linux in a virtual machine with Windows as the host?

Sorry, I don't connect to random onion sites.

just enter the link and click the button, it is easy

Was just a basic CCNA, can't remember if it was anything specific.

For anyone curious about doing network stuff, I'd recommend doing a basic CCNA class in person. I did it years ago and even though networking isn't my thing, the act of building up networks, loading routing tables and then pulling cables to see what happens was really good fun. I'm sure you could do it all online and use virtual machines but the act of plugging one box into another, configuring it, then yanking the cable out really helps cement things in place, or at least it did for me.

Can you explain what you mean by this? How is a PC a Windows one or a Linux one? If you build your own, which is it?

Because the RUBBER (not Robber) Ducky is just a keyboard, all it can do is type things. Think about it this way, unplug the keyboard from your PC, plug it into the safe and then what would you do? That is what you get with the Ducky, all it is is a keyboard that can type things automatically. If you can't do it yourself by plugging a keyboard in then a Ducky won't be able to do it.

All the Ducky is is a glorified keyboard that types commands for you. It sounds like the safe needs some type of computer device to interact with it rather than just a keyboard to type commands on it. Therefore, "no, unlikely the Ducky can help you."

That sounds like much more than it acting as a keyboard and entering a password so no, unlikely the Ducky can help you.

It all depends what the USB port is used for. If it expects a keyboard to be attached and a code entered then yes, it probably can, if it mounts it as a USB disk and looks for a file, then no it can't. And to preempt the next question, read your manual to see which it is.

Like with a lot of things, it would probably depend on a cost/benefit analysis of you and your activities. If all you are doing is arranging to buy 100 biros from a Chinese firm, then they probably wouldn't get much from doing it so may not bother, if you are discussing arms details with some shady organisation, then they will probably do it and more. Due to the cost of labour and the way their government works, I'd guess that they would have more coverage than somewhere like the UK, but don't know for sure, all organisations have their limits.

Yes, no, possibly and maybe. Yes, it will protect at least some of your network traffic as it goes from your device through to the FastestVPN server, at that point, the server decrypts the traffic and sends it on its way. That is what is mean by between the end points, you to them, what happens from them onwards depends on the type of traffic you are sending. This should at least get your traffic through the Chinese firewall. No, the Chinese have some very strict rules in place and may block the VPN or mess with the traffic in order to be able to decrypt what they see, for example swapping out encryption certificates. When doing this, if the client has been written correctly, it should warn you that something bad is happening so you will be able to make a decision as to what to do. Possibly, without knowing something about how FastestVPN works, it isn't possible to say how well they configure the service, done well and all your traffic should go across the VPN, done badly and all sorts could leak out around it. Maybe, without fully testing it in an environment where you can monitor exactly what is going on then it isn't possible to know for sure. Something to remember, if you are using public wifi and they have a captive portal (a web login page), then you'll probably need to have the VPN off to reach it meaning all your traffic is flowing in the clear till you've logged in. Also consider "Evil Maid" attacks and general surveillance. A VPN is good, but a camera pointed at your screen watching everything you do will defeat the protections to a degree.

I think by reading this you've dragged me as well. Last night I was watching TV when all the power in the neighborhood went out except my TV which switched to showing reruns of the X Files. Went on for 2 hours then the power came back on but none of my neighbors could remember it going off. There is also a van parked up the street pretending to sell ice cream but every time I walk by they are out of Nobbly Bobbly lollipops. No real van would ever sell out of those, something is wrong.

Have you considered going to a publisher with all this? They wouldn't dare touch you if you made it all public and became famous.

In which case look for live box CTF challenges such as Metasploitable and the boxes available on https://www.vulnhub.com/ . And as for network stuff being the core, not really, there is no core. I'm currently dumping a client's full database through a web app vulnerability, on some networks you need to know wifi skills to gain access and softer skills such as analysing network design and segmentation also come in very handy. That is why I say to anyone who asks this question, pick what you are interested in and learn that. Don't try to jump in to areas that others say are sexy, fun, well paid, if the area doesn't interest you as whatever area you choose will probably also be sexy, fun and well paid once you are good at it.

First question, what are you interested in? And if you are running Mint, stick with that and install the tools you want to use in there. It is more work but believe me, it will work out better in the long run.

Slight correction first, you don't learn Kali, Kali is just a collection of tools that could be installed on any Linux distro. For learning the different tools, it all depends on what area you are interested in. I'd get on securitytube.net and find videos or tutorials on those areas and then play. There are also a whole bunch of different CTF challenges out there, again, depending on your area of interest depends which you choose. I'd also suggest not using Kali and going for something like Ubuntu or Debian instead and learning to install all the tools you want yourself, that will give you a much better idea of OS level stuff than just using a tool that someone else has already installed and configured for you.

Homework question?

Your original question was about licencing your software, 2FA is about authenticating users, they are two different things. Anything you do that is purely client side can be cracked, whether it is a basic password, USB token, 2FA codes (which are just passwords if you think about it), anything. They are cracked either by modifying the software and disabling the check or by working out how codes are generated and creating a code generator. If your 2FA codes are just MD5 of the current timestamp then I can create an app to generate a code whenever I want to. My suggestion for fingerprinting for licencing is just as vulnerable as a USB token except it requires one less USB port and can't get lost in a desk drawer or pinched by your kids to play with. - Do not copy/reuse any code (especially authentication part) from other softwares, this will make you more vulnerable. I'd disagree with this, find a project which is specifically written to do whatever you want and use that. No offence meant, but it doesn't sound like you are an expert in this area and so trying to roll your own authentication or licencing is probably going to end badly. It might not get hacked as no one might care, but the code probably won't be the best.