  1. I can't believe I forgot about Mimikatz!!!! How could I forget how that worked??? !!! Thanks guys! Senior moment I guess.
  2. Would Chron's Disease be when your computer suffers from the inability to follow a simple schedule?
  3. Ok sooo....... How to proceed without sounding like a nut? I just moved to DC a month ago from Northern VA so I'm not new to this area and used to the military industrial complex. The other day I was walking my dog and swear I caught a laser in my right eye when I turned around; it was bright and that sucker HURT!!!! My eye has been hurting for a number of days now and I'm fairly sure it was a laser, since I have been hit in the eye with a high-powered one before and even experienced the same resulting pain. I thought nothing of it except it wasn't your normal laser and it seemed to hit me
  4. AHAHAHAHA - no big bucks here. I just found out I made less than 32K last year.... half of what my contract said. :( I'm about to start doing magic on the street; I love magic a lot more and it pays well during the warm months.
  5. To answer your question, not at the moment, but I have gotten the go-ahead to build a lab for testing things like this. It should be up by the end of the month. Unfortunately, even though I'm taking more of a security role I'm still required to take calls from the helpdesk, and that makes it really hard to stay focused on reading crashes and doing investigations like this.
  6. My thoughts exactly, I'm glad we're on the same page. It's probably set up to attack anyone it can; I have no reason to think this would be targeted. I'm going to pay that PC a visit and see if I can locate any web history from the rough time of the DMP to get more info. I was able to use this data to get management to actually listen when I say "Flash is BAD and shouldn't be installed by default, only if it's absolutely needed." Currently they have it on every single box. They've been scratching their heads about why IE crashes for about a month. I've been checked out because of lack of sleep and d
  7. The game is a foot! ......no, actually it's a game. I've been doing some sleuthing and thought this might be fun to share. I have a few crashes on my user base's PCs and it looks to me like exploitation attempts. I'm also hoping some of you may be able to help me focus on the right stuff. I'm not 100% sure what I'm looking at, but I know this isn't the usual DMP output because I see JScript in my crash dump stack! For this post I will be analyzing crashdump files from C:\users\%username%\appdata\local\crashdumps. In the past month the performance monitoring software we use is showing IE
  8. I know, right? I love this detective stuff. Too bad management took the PC and turned it over to an outside vendor before I could complete the decryption process and use bootable tools. :( However, they did tell me that they're going to pay for my OSCP to get more of this going on in house. OSCP is a good start.... Scanning didn't show anything, and Carbon Black was ineffective too. The only way we knew the box was compromised was from insider threat software setting off an alarm from a time when the user was out of the office. I scanned that PC with a bunch of free tools and didn't find anyth
  9. AHAHAHAHAHAHA - Syrup or jelly? Thanks for laying it out for me like that, I really appreciate it!
  10. My understanding is that Windows always stores passwords in SAM files on the disk. Got any good links to show me how to implement what you're referring to?
  11. Long story short: I had a box at work get compromised, and I pulled it off the network then initiated a forensic investigation. When the vendor came back with the report, one section showed a memory dump of all the accounts on the box. All except one account showed their passwords encrypted; that last account showed the password in clear text in memory. What can I start looking up to understand how or why this would happen? I figured this would be a good place to ask this question. The PC is Windows 7 and the account that had its PW in clear text in the memory dump was domain admin.
  12. Not sure what's up; maybe it is my post count. I just tried replacing the avatar in IE and Chrome to no avail. I'm fairly familiar with IP.Board so I'm not sure what the issue is. My first pic was 960x960 pixels, then I busted it down to 250x250; once I click OK the arrows spin but the change is never made.
