
IDNeon

Everything posted by IDNeon

  1. I'm currently in the middle of something but I skimmed through your post and want to give it more attention at some point in time. But I wanted to give food for thought. What I'm referring to is for instance take the concept of the VM itself, how it communicates whether in the hypervisor, or communicates through your own PC. These are not so secure, they are not like actually separated physical machines. That's what I've always been curious about and am very interested in getting to examine Qubes more thoroughly from that perspective...when I have more time. My point to that though was principally Windows does function similarly, but instead of a hypervisor and VM sort of focus, it is done by Windows. An application running for instance isn't running "within" Windows per se, it's its own process, its own services, on a CPU, that Windows is managing. Same with Qubes. Bah...I really don't have the time to sort out the specifics at the moment, but we'll talk, this can be a great thread. Do a data dump on what you like about it and such, I'll get to it by the weekend.
  2. That's like saying until there's a hack for Windows ACL procedures that it's secure. My point is not that it's technically insecure, but that it's not logically any more secure than Windows. At its core it's not much different. Operating systems "virtualize" applications and services etc, and they all have methods of segregating them. Another way of putting it is, compromising a VM "firewall" still gives you privileges of that VM to the Dom0 that compromising the Windows firewall application would do for the Windows OS.
  3. It never ceases to amaze me that a Windows security function has a work-around that entirely avoids the point of the security. In this case, you can change your PowerShell Execution policy from batch files ON the fly as you go through your script. So what is even the point of having an execution policy if I can just run a script anyway?
  4. Thanks for providing me some of the nuts-and-bolts. A cursory glance at the AWS site shows that they have a procedure to pentest a company's ENTIRE environment that they own (with restrictions to EC2/RDS for instance). Which is good for you as a pentester. Just request permission and follow their restrictions to the letter and you'd be good. Furthermore there is a qualifier "to prevent adverse impact of services shared by others". So be mindful of that no matter if you are within the scope or not, because legally that qualifier takes precedence over any other. If you inadvertently damage a car it may be an accident but you may still be liable :) This is the world we've created so you gotta learn it. AWS is probably forgiving but still...it'll only get more controlled and procedural over time.
  5. https://www.qubes-os.org/doc/qrexec3/ A little bit of research suggests that this OS isn't more secure than anything else. Everything passes thru Dom0 which handles all security for any program calls from any of the VMs. So what exactly is the point of segregating it into "VMs"? Windows operates in a similar fashion. And depending on the types of security imposed, maybe more securely.
  6. How do the VMs communicate with each other? At what level and how are the security tokens between them handled? What's the point of running everything in separate VMs if they are all just a bridged network?
  7. A friend and I are working on a database that allows the results of a global scan of all radio traffic (which is piped into a live-stream and already exists so that part's been done for us) to be cross-referenced to whatever known variables you want in the database and however many dimensions you want to reference it in. So if the NSA wanted to for instance customize the database they can scan the world's radio traffic and filter out all the noise (music, talk radio, whatever) and narrow it down to more interesting radio traffic (such as encrypted data transfers from nuclear ballistic submarines). Yes, the scanner picks up even that traffic, and is a data-collector from many sites around the world that are participating. I'm willing to bet that the US Government hasn't hit upon this open and free to use aggregator of radio traffic across the whole world and institutionally recognized its potential. So, it is likely they don't already have a tool to do this :)
  8. Microsoft has about 90% market share of global systems including all servers, I think Apple has something like 13% market share in Australia, so that's interesting. But I perceive Linux to be hype. What use is it? Ok fine it has a use and I'm just being devil's advocate to drive some discussion, but really though, getting good at using Linux just means you'll be really good at working with systems that are Linux based. Unfortunately for you that means very little in terms of your knowledge base and expertise in the wild. I suppose the idea "Hackers use Linux" got started up because: 1) Open source OS means full customization and you can tinker with it, that's pretty cool. 2) Kali (formerly Backtrack) had to build its trendy "Swiss Army Knife" using a Linux distro because obviously you're not going to customize Windows. Don't hate on me too much, again just trying to create some lively debate. But if you ask me you'd be better off learning how to be a Windows Sys Admin and how to manipulate Windows environments. Let me ask you something. How do you change privileges in Windows using a single instance command line for your payload? That's going to take some coding. And I bet Metasploit doesn't have the exploit prepackaged. (Because I had to build the tool myself).
  9. One of the biggest hacks in the world was China breaking into Top Secret clearance level Pentagon networks by opening a Chinese Restaurant (literally) down the street and waiting for a couple years for its popularity and familiarity to grow enough until take-out menus got common enough in the Pentagon that finally, someone with Top Secret Clearance was dumb enough to order Chinese food through the provided website from within the network he was working on. This is of course....OLD news. I doubt such a method would work on the Pentagon anymore. (There's also an equally valid story about the Chinese leaving flash drives around park benches near the Pentagon in hopes someone would think "ooh...a free memory stick" and gain access through those.) But the moral of the story. Hacking has NOTHING to do with what Teabot 5000 told you. And it bothers me, pesters me to NO END, that that's what people think Hacking is. Hacking, is rather, "Security", and it's the business of making systems secure from people who use any method but a lot of them include programming, networking, knowledge of how to use tools. But let's face it, just because someone gives you a tiny hammer doesn't mean you're going to know how to make a piano. And unless you learn how to make a piano, that tiny hammer isn't going to do anything for you. Maybe you'll succeed at pentesting, I hear there's a large need of people to go around and perform tasks like monkeys so businesses can claim they are secure and write down their insurance premiums and call in their experts to say they have no legal liability when they get hacked because they "complied with the common standard". I suppose if you get good with Wireshark, you can go do that. But if you would prefer real security analysis and discussion of hacking, hit me up. *PS* The above two stories, both revelations led to changes in behavioral systems at the institution (in this case the Pentagon). For instance now you are no longer allowed to carry in flash drives to the Pentagon but rather have to use specifically issued ones for work only that don't leave, that kind of thing. Hacking is about seeing systems, and breaking them, that's it. Doesn't matter if it means launching some cool attack through 5 institutional hops, if you can just walk through the door and literally walk out with the data. *By the way that's what Snowden actually did do. Regardless of the cool myths about how he did it, he downloaded what he had access to, and walked out the door. And now he's regarded a genius hacker. Though he really was very technically skilled anyway. He's little more than a thief who walked off with someone's shirt. And that's why he's the genius. Because he saw that flaw and took it.*
  10. If it can use a text editor then I'm good lol.
  11. Uh no. Can you show me the documented communication channels to legally notify you're going to hack Amazon's cloud infrastructure on behalf of pentesting some company's random crap virtual servers? I want to see the place that says "send this department a 1 page letter that says you're going to pentest within our infrastructure and how and when." First of all that just means to LEGALLY hack Amazon all I'd have to do is create a company...buy some AWS services...then legally pentest myself. I think your advice is just flat out WRONG.
  12. I think this is an interesting question that was not answered. The question wasn't well asked so let me ask it another way. How do you pentest a company's infrastructure that is hosted by another company such as AWS? If the company is hosted by a cloud then it is not that company that owns the infrastructure and you can't pentest that. The company should declare to you that there is this hosting service hosting their infrastructure and that's all you can do is note its existence.
  13. Hello, I reverse engineer systems. I specialize in automating tasks and providing scalable solutions for systems admins within a security operations center. I've found one zero-day Win7 exploit of a security feature during my career so far. I'm interested in what I may contribute to the forum and what discussions here might contribute to me.