Primz
-
Posts
89 -
Joined
-
Last visited
Posts posted by Primz
-
-
Not possible as of yet.
-
Ok have only skimmed over all the above but just want to throw in my 2 cents. Dos and donts really. Skype is hugely penitratable, if you have a used laptop you should completely reformat it, if you have a company laptop and have been sent malicious links via mail then it's a result of your company's exchange filter of what gets though so the fault is in then, have you been using this laptop for downloading music, movies, any torrents ect? If so you could have downloaded a RAT without noticing (remote administration tool), have you been opening up any word or excel documents that have macro attached? There is so many routes to gain access the list does go on. But if your company wanted to actually look into the mater legally they would need to send it off to a data forensic company for review, any inhouse reviews are just the first step.
Personally if the company is at fault and didn't secure the network or hardware you work on remotely then the fault is with them. Even if you was using the internet to download all sorts it's still in the company's interest and legally tender to keep all info secured properly and a leak of data to a minimum of a breach has happened.
So it is a hard one to say tbh I would love to put your mind at ease. Maybe a side not tho. I once got contacted by a company looking for a security issue they had, long story short there was unknown logins to the company's cloud remotely, 1 week of full scanning checking and poking about and it turned out that the IT manager forgot his laptop charger and decided to log into the cloud from a Internet cafe in London...... there was the security breach lol. He was at fault in one way but again he didn't lose his job.
So if we being really honest here and you know you not done anything silly or anything then, you go to your meeting, look them in the eye and say, this is no known fault of my own, before any hearings I would like a data forensic team to look into this security breach as I believe I wasn't negligent and this is a internal company security matter.
Hope all goes well
let us know how you get on
-
On 04/10/2016 at 0:53 PM, pentestgeek said:
This is an extremely common request among companies who hire a third party penetration tester. What they are asking for is called a Letter of Attestation also sometimes referred to as a customer summary letter.
It is usually no more than a one page document on the letter head of the company or individual performing the penetration testing. It usually says something like.
----------------
Company XYZ has contracted Organization Y to perform a penetration test of their XYZ environment in accordance with security best practices and XYZ compliance. Our testing activities were conducted between date 1 and date 2 blah blah blah.. We adhered to the follow approved testing methdologoy
- hyperlink to some pentest standard and/or framework
During the testing Organization Y concluded that company XYZ as implemented adequate security controls to protect against commonly exploited vulnerability including:
* bullet list of OWASP Top 10 or something...
----------
You get the idea, its just something light and fluffy that they can show to their customers/auditors/investors or anyone else asking to "prove" that they did a pentest.
Hope that helps.
Couldn't of said it better myself.
-
Well hello everyone...... has been a long long time. Sorry for the absence but work, family and life in general does get in the way sometimes. Anyways to the point for the last 3 years have been going about my pentesting career and lately have been involved in the R&D on a new network auditing and monitoring suit of tools. They are not letting off much at all on what they are working on but have said it's a network tool and they have given me a feedback form or should I say book of forms and the bulk of it is them asking what arsenal of tools/features would I want to see if I could make my own product for my own network? Good question to be honest as this is something I've not really thought about. As I use metasploit in pretty much all of my pen tests, I only really look at it from one side of the fence and again use the same steps for all my pen tests to be honest apart from the odd tweak here and there if needed. But from a network managers point of view what would they want and what tools would they want to encompass for network monitoring, pattern detection, network A.I, port and device scanning, traffic info, exploit testing, sql scanning, auditing and reporting in real time ect, credential security ect you name it.
So so being blunt, not for you guys to do my homework for me but if it was your network and you had a tailor pick a suit of tools (open source) then what would they be and why?
Primz
-
On 25/05/2016 at 4:34 AM, tomsquire said:
Hello everyone i'm new to the forums and just got my new TETRA loving it.
I have been slowly but steadily educating myself in hacking over the last 2 years last year went to Defcon and this august i plan to again the reason being is i would love to get a job in the IT industry (FYI i poor coffee weight now at america's Favorite shit coffee house) but every night i come home and work on my CCNA figure it would be a good first credential to pick up to move into a IT job i guess why i'm posting this i would love to hear from others on tip as far as moving towards a decent job at least one that pays me better then 10.25hr and i don't burn myself on a daily bases for minimum wage
. In the long run i would love to be a professional pen tester going to Defcon so far has been well worth it have met like minded people and made friends.
SOunds like the start of a new hacking tv spin off show :) By day he pours coffee and by night he cracks servers :) Am only playing.
Personly i think the possative attitude is most of the struggle as with pen testing network security things change very quickly and what nce worked today might not work tomorrow. I would say go for the smaller CONs tbh as like others have said its all about networking, regardless if your a begginer or a expert its all networking.
I would also say take a look at a Kali course as for myself this really did open my eyes to a lot of things, and my skill level would not be anywhere near as it is now if it wasnt for OSCP, but again there are many other courses paid or free available just have to look and do your homework.
As for a job in IT, what do you mean? As a job in IT can be anything from sales, account managment, IT manager, systmes manager, engineer, help desk, CRM. the list really goes on. What i think you might of ment is a job at network security / Pen testing and in that case i would say the above. Smaller CONS, mingle with the crowd and network, educate yourself in a area or areas you have interest in and take if from there.
-
Sweet. Thanks for the reply seb
Primz
-
Newbi3 thanks for reply dude. Am just about to order myself the tetra today as it's my birthday and if I don't treat myself then no one will ;)
so all the code for each module is on the pineapple where I can read modifie it of needed?
Primz
-
Hi all just a quick one, maybe I'm not looking in the right place but where is the best place to look to find all the code for each Tetra Modules that's available on the pineapple?
Primz
-
Yeah iv been wondering something similar myself. Is there somewhere I can find the modules for the pineapple to play around with the code and where I can find other modules that the community is working on for Kali and the pineapple?
-
Yeah the size factor of the nano is appealing but if purchased it will be part of my tool kit for pen testing. To be honest I do like the pineapple but with the markV I found it really just a mitm box so I hope the tetra put a bit more out than that tbh.
From the way it's looking I think it's going to be the tetra and obviously at somepoint will get the nano but we shale see
Going to hold off until the end of the month as decide then.
-
Hi all, hope everyone is having a good weekend. So I have been away from the forum for a while. Work, family and life in general. But while I have been away iv noticed in my absence the Hak5 team have popped out a few new pineapples so before I impulsively spend nearly $400 + shipping on both the new devices I was wondering is one better than the other? What would be the best device to get if I had to pick one? The tetra or the nano? Also how does the new devices differ from the MarkV? Is it just the hardware spec that is juiced up or is there more modules or better way of use?
Personally I loved the Mark V as it opened up the doors for me to have an interest in Kali Linux and take a kali course and now am starting out in pen testing as a professional career but mostly tbh I only really used the pineapple for mitm attacks everything else was done via Kali.
So I ask myself and the community this what one would you purchase is you had the choice of only one device? The Tetra or the Nano?
Let me know your honest thoughts as my money rests app-on this vote. :)
Primz
-
Hello all, hope all is good as can be. Long story short was just about to pay a immense amount for a phantom4 drone (£1250) (birthday present am not rich yet) and thought for that price I think the bulk of that money would be mainly the camera and controller as the spec of the phantom4 is generally standard with the added feature of flight awearness and obbstickal awearness and some pretty cool other trackong features but for that price I personally think I can build my own. I know some people who are a bit crazy and spend most of there time flying RC planes and helicopters and from their personal experience building a drone is not as tricky as you would think. I have had my eye on a fixed wing drone called the disco for a few months now but don't think it comes to market until the end of 2016. So do I wait for this disco fixed wing drone or do I get the phantom4 or do I make my own. Granted my own made drone will not be as swanky as the others that are on sale but the challenge and the fact that I would have built it myself sounds so rewarding. But if I do build my own drone I would want to go down the fixed wing route. Any ideas or thoughts?
Primz
-
Hello all long time no postie. Have been away for abot but have noticed in my absence the Hak5 crew has turned out a few new pineapples so thought il pop my big head back in and see what the fuss is about :)
Long story short I started with a wifi pineapple before I even took my first kali course so without the pineapple my pen testing days wouldn't have even have started so props for that, only thing is all my work is mainly done via Kali/metasploit and yeah the mark v was great but for me mainly it was just a mitm box everything else was Kali or metasploit. So am wondering other than the spec of the new devices what will make me spend nearly $400 on both devices and will I be able to do more than mitm attacks?
Will it in some time incorporate metasploit as tbh if the pineapple and metasploit had a night of passion the off spring would be amazing!!
Any thoughts and opinions would be great as it's either this or a new drone ;)
-
.... And how does that make sense? In 2013 alone over 11000 people died due to gun violence. Even if double-homicides are but 1/10th of that it's still more than 1 such event per day. I'm sure it's a big deal to the people involved and I wouldn't wish such a thing on anybody, but I don't see the logic in basically halting TV programming for a nation-wide network because one prick couldn't handle losing his job so he takes it out on his former co-workers.
i think its a way the show can get a bit of free publicity. Bit harsh to everyone involved imho as like cooper said believe it or not these things happen on a daily basis, if we know about it or not they happen sad to say, was just a added factor that they was a TV filming crew in the middle of a live broadcast.
My humble thoughts go out to the friends and familys and everyone that was involved.
But more to the point fucked up for Mr Robot to be poking their noes in and getting some free publicity out of it. im sure the wrights didnt predict this event happening so tbh i dont get it other that for free publicity
-
Yeah I think your right there cooper maybe should just throw up a thread on the topic and see how far it goes.
-
Also maybe cryptography or RATs (remote administration tools) how they work what they achieve the legitimate uses for such thing a ect
-
I was having a think and was wondering if anyone else would be interested in having a exploit or malware section on the forum.
I understand that there may be some legality issues for the Hak5 team but it is in the area of our interests and I understand that there possible will be some blackhat topics but I'm sure here at Hak5 it will mainly be white hat stuff.
The reason why I ask is a friend of mine gets paid to basicly go through software and fine exploits/issues and he is also a Hak5 fan and last weekend the question that I'm asking everyone now came up so hence the reason for my post lol
I understand that there may be some issues with this but again if you don't ask you don't get ;)
-
Haven't even seen the latest episode but after reading this thread again I doubt I will ;)
Again wish it all best but they surely can't get another season out of it.
-
i bet the guy they broke out of prison stole the poor little dog.
Poor thing is prob seeing all sort in mexico right about now lol
-
I just caught 30 mins of this weeks episode and decided to turn it off. Series link has now been turned off for this program as well so unless i see this thread explode with hype that MR Robot has pull it back to topic at hand....... then im sure that's the way it will prob stay. As come on this TV series is not at all Tech related or "Hacking" related it just is not. The shows plots are so out of this world and non realistic it really does baffle me.
Had very high hopes for this and still wish it the best of luck in the future but for me its a no.
-
yeah is a shame as i had high hopes for it tbh. Never know though it might turn it around but not holding breath. TBH i think we have seen the main character elliot walk his dog more than we have seen a linux screen lol if it keeps up this direction is def not going to make it past a 1st season.
Anyway time will tell.......
-
Ok i think for me i might be done with Mr Robot. Have just finished watching the 7th episode and the way the story line is going is way to far fetched. Sure any Hacking film / TV show will be far fetch to some point but this is really taking it to steps that don't make sense at all.
Sure it will still be recorded on my Tvo but i will not be rushing to watch it every Thursday morning with a cup tea :)
I can see why some people stay tuned to see what hacking routes the show is taking but its so very brief and not really factual, the concept is good dont get me wrong but imo the show is not about hacking and more directed to the leads characters moral compass, and his ups and downs in life......... with the odd mention of a exploit of a breif screen shot on linux.
Dont get me wrong i will be watching the next episode, im not completely done with it and hope that maybe in the next episode or soon after it turn back to the main focus and shines on some tec or some code of something more than his smack head neighbour or breaking someone out prison.
-
Il be getting one in the next month. Why is there a separate forum for it tho? Wouldnt it be better to keep things under one house?
-
Glad to hear you got it to where it needs to be in the end mate.
Remember any more issues, don't be a stranger.
. In the long run i would love to be a professional pen tester going to Defcon so far has been well worth it have met like minded people and made friends.
Pen testing tools
in Security
Posted
Stop spamming the forum dude