Renegade7 Posted September 18, 2016

Does anyone know someone who has the OSCP? I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of. I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).

https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

SoulSkin Posted September 23, 2016

Thought this was the best thread for this. Sounds like, at the very least, changing your Yahoo password and security questions (or just disable them) might be a good idea.

http://www.computerworld.com/article/3123423/security/hackers-got-a-treasure-trove-of-data-from-the-yahoo-breach.html?nsdr=true

Edited September 23, 2016 by SoulSkin

Springfield Posted September 23, 2016

At this point, I have so many usernames and passwords out there that I'm going to be hit up. My EBay/paypal was. Just a matter of time. I can't remember all the usernames and passwords or bygone websites.

SloppyOneXXVI Posted September 23, 2016

On 9/18/2016 at 11:56 AM, Renegade7 said:
> Does anyone know someone who has the OSCP? I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of. I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).
>
> https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

I'm taking it right now, got my 21st box last night. I'm using virtual box and their "custom" image. I haven't had any issues at all. They say you can use the image from kali.org but might run into issues completing all the lab exercises.

Gamebreaker Posted September 23, 2016 (Author)

On 9/18/2016 at 11:56 AM, Renegade7 said:
> Does anyone know someone who has the OSCP? I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of. I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).
>
> https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

I want to eventually earn this certification. Any guidance you find on the best way to prepare for it please send my way.

tshile Posted September 28, 2016

What have we learned about firewalls and IoT devices? Leave UPnP on and let endpoints punch holes in your firewalls. What could go wrong?

http://www.theregister.co.uk/2016/09/27/152463_hacked_cameras_deliver_990gbps_recordbreaking_dual_ddos/

Quote:
> The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet.
>
> Two concurrent attacks against French hosting provider OVH clocked in at a combined 990Gbps, larger than any other reported.
>
> ....

Gamebreaker Posted September 28, 2016 (Author)

Universal Plug N Play. SMH. If I had a dollar every time I had to turn that off on a device I'd be retired.

tshile Posted September 29, 2016

On 9/22/2016 at 10:10 PM, SloppyOneXXVI said:
> I'm taking it right now, got my 21st box last night. I'm using virtual box and their "custom" image. I haven't had any issues at all. They say you can use the image from kali.org but might run into issues completing all the lab exercises.

I'm actually just getting started with playing with the VM and reading the Metasploit handbook (just synced it to my kindle)

I have a few questions

Are you going through the cert to get into the field, or are you already in the field and this is just part of your education/improvement?

How valuable have you found it to be, specifically related to the price?

Where do you realistically expect to go/use this knowledge?

Just curious....

Guy i know who's pretty into the security business said that Kali distro is about as good as it gets. He said it'd take me 45 years to set something similar up on my own

SloppyOneXXVI Posted September 29, 2016

49 minutes ago, tshile said:
> I'm actually just getting started with playing with the VM and reading the Metasploit handbook (just synced it to my kindle)
>
> I have a few questions
>
> Are you going through the cert to get into the field, or are you already in the field and this is just part of your education/improvement?
>
> How valuable have you found it to be, specifically related to the price?
>
> Where do you realistically expect to go/use this knowledge?
>
> Just curious....
>
> Guy i know who's pretty into the security business said that Kali distro is about as good as it gets. He said it'd take me 45 years to set something similar up on my own

I'll try to answer each question individually... but I feel a long post coming....

I've been working in network security for about 5 years. I have my Security+, CEH, and a computer science degree. The OSCP was always touted as much harder than any other networking/security certification, and I wanted to see for myself. And yes, it is really hard.

It can't be beat for the price.... IF.... and this is a HUGE if.... you at least have some background in pentesting/networking/programming. If I had tried to take this course 4 years ago I would've hated it. Some people on the forums complain they don't even know where to begin, and generally those people have very little background in security. Everyone will have their weaknesses, but you need to know some programming (at least simple python), basics of networking, and the basics of how Linux and Windows work. I think it is 10000x better than any SANS course for 20% of the price. However, you have to put the time in, I work on it about 3 hours daily, and it is like college where you basically read a book and teach yourself through exercises/videos.

I work in net defense consulting, so I'll use it to understand vulnerabilities better. I think this class has taught me more about traffic analysis than any SANS course ever could. I don't really see myself being a pentester full time though. Honestly, the pentesting world is (generally) a giant scam, a company comes in, runs some nessus/burpsuite/openvas scans, prints the results, and then sends a bill to the customer. There are good companies out there too, but the commercialization (if that's a word?) of network security scares me. Also, life as a pentester means travelling a lot which isn't appealing to me.

Yeah the Kali distro is great, but I don't think it is light years better than a regular Kali distro. I know some pentesters that actually use Windows. It is all about preference, what tools you want to use, what you're trying to exploit, etc. But yes, it would take forever to build.

And my final two cents that you didn't ask for: Don't spend too much time learning metasploit. It is a tool that is nice to know, but the class focuses on how exploits work, how to manipulate code, vulnerable services/OS versions, etc. Metasploit is only a small part of the class/exam.

tshile Posted September 29, 2016

yeah i've got about 10 years (ugh getting old) as a sysadmin and programmer with a cs degree. most software development jobs are web/mobile development and i hate that work. i'd love some of the more hard core programming, but that would require moving or a terrible drive.

so i'm screwing around with this stuff. i'll have to see how much that cert costs

i should mention the book i'm reading is called the metasploit handbook, but it's more like you're talking about. it's written by the people at offensive security.

Edited September 29, 2016 by tshile

PokerPacker Posted September 29, 2016

19 minutes ago, tshile said:
> yeah i've got about 10 years (ugh getting old) as a sysadmin and programmer with a cs degree. most software development jobs are web/mobile development and i hate that work. i'd love some of the more hard core programming, but that would require moving or a terrible drive.
>
> so i'm screwing around with this stuff. i'll have to see how much that cert costs
>
> i should mention the book i'm reading is called the metasploit handbook, but it's more like you're talking about. it's written by the people at offensive security.

I moved all the way to Texas to get a nice non-web-development/mobile job.

... Guess that didn't work out all that well :/

tshile Posted September 29, 2016

5 hours ago, PokerPacker said:
> I moved all the way to Texas to get a nice non-web-development/mobile job.
>
> ... Guess that didn't work out all that well :/

Yeah, San Antonio right? Why, what happened?

PokerPacker Posted September 29, 2016

3 hours ago, tshile said:
> Yeah, San Antonio right? Why, what happened?

Got laid off 4 weeks ago.

tshile Posted September 29, 2016

aw that sucks dude, sorry to hear

PokerPacker Posted September 29, 2016

16 minutes ago, tshile said:
> aw that sucks dude, sorry to hear

Not the most ideal situation, but I'll have to make the most of it. Saved up more than enough money to make it through the end of the year/lease without any income, so I can try to enjoy my new-found free time. Also, I've been blessed with a situation where my former boss has no reason not to give me a positive recommendation since I didn't do anything to get myself fired, and there's no conflict-of-interest of them preferring to keep me to themselves.

Plus I've got a phone interview today for a position that pays around 35% more and is in a field I want to get into.

Renegade7 Posted September 30, 2016

23 hours ago, PokerPacker said:
> Not the most ideal situation, but I'll have to make the most of it. Saved up more than enough money to make it through the end of the year/lease without any income, so I can try to enjoy my new-found free time. Also, I've been blessed with a situation where my former boss has no reason not to give me a positive recommendation since I didn't do anything to get myself fired, and there's no conflict-of-interest of them preferring to keep me to themselves.
>
> Plus I've got a phone interview today for a position that pays around 35% more and is in a field I want to get into.

Been there before, man, ended up on unemployment after not passing a 90 day review. They were very supportive, but I had just moved into first apartment. Had to pick up more hours washing dishes while looking for new work, but used that time to pick up some CompTIA certs as well.

You're a good dude, smart one, and cats like you tend to land on their feet. Good luck.

tshile Posted October 4, 2016

When I woke up this morning what i said to myself was: Man I really want to deal with random data/voice issues caused by Level3 having a nationwide outage.

Gamebreaker Posted October 4, 2016 (Author)

Changing your name doesn't prevent some of us from remembering you're still Time Warner, and you're still terrible.

Renegade7 Posted October 8, 2016

0-1 so far on my weekend project of root phone, install ssd in laptop, wipe desktop with fresh OS. Verizon, you are horrible, controlling douchebags. My phone is paid off, let me do me, dammit, I'm not bothering anyone.

Anyone find a way around qualcomm secure boot, or y'all kinda meh to the whole rooting phones thing? I'm trying to remove as much of this tracker bloatware as I can and use apps like applocker to help limit the reach of the apps I do want to use. Looking to see if I can maybe just get a new ROM on there instead, like CyanogenMod, but that all sounds like wishful thinking now.

Edited October 8, 2016 by Renegade7

PokerPacker Posted October 8, 2016

2 hours ago, Renegade7 said:
> 0-1 so far on my weekend project of root phone, install ssd in laptop, wipe desktop with fresh OS. Verizon, you are horrible, controlling douchebags. My phone is paid off, let me do me, dammit, I'm not bothering anyone.
>
> Anyone find a way around qualcomm secure boot, or y'all kinda meh to the whole rooting phones thing? I'm trying to remove as much of this tracker bloatware as I can and use apps like applocker to help limit the reach of the apps I do want to use. Looking to see if I can maybe just get a new ROM on there instead, like CyanogenMod, but that all sounds like wishful thinking now.

I've been considering putting Cyanogenmod on my phone for awhile, but I haven't gotten around to it.

Gamebreaker Posted October 8, 2016 (Author)

@Renegade7 Before I switched to Apple I was always rooting my android phones. That was a while ago. A friend of mine left Verizon over them locking down the boot loader. Have you tried that xdadevelopers website? If there is a way to get around it I'm sure you'll find it there.

Edited October 8, 2016 by Gamebreaker

Renegade7 Posted October 8, 2016

50 minutes ago, Gamebreaker said:
> @Renegade7 Before I switched to Apple I was always rooting my android phones. That was a while ago. A friend of mine left Verizon over them locking down the boot loader. Have you tried that xdadevelopers website? If there is a way to get around it I'm sure you'll find it there.

xda is where I typically start when I root before. I should've done it back when I was on a previous version of Android, paying for not making time for this. Even stuff like one root click doesn't apply to sm-n910v. I'm going to take a break and take care of my other two tasks then come back to this.

One of the things this also does is preventing me from going to a previous stock rom with older firmware, which was my next course of action. I'll know when the brick risk is getting too high, but if y'all come across something in your travels, I'm all ears. Thank you both for your responses.

Edit: Think I found something: http://www.androidsage.com/2016/04/15/how-to-unlock-bootloader-on-verizon-galaxy-note-4-root-and-install-twrp/

Edited October 8, 2016 by Renegade7

tshile Posted October 13, 2016

This is what I get for coming in and working right away instead of reading my rss app

Quote:
> GlobalSign screw-up cancels top websites' HTTPS certificates
>
> Revoked certs may linger for days, locking people out of sites

http://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0

http://www.theregister.co.uk/2016/10/13/globalsigned_off/

I wasted so much time on this thanks GlobalSign. asshats.

PokerPacker Posted October 13, 2016

Dump 'em and get a Let's Encrypt certificate.

tshile Posted October 13, 2016

It's not my system with the problem, it's a vendor a client uses.