Jump to content
Washington Football Team Logo
Extremeskins
Forum Rules and Guidelines

Random Tech/IT Thread

Gamebreaker

By Gamebreaker
in The Tailgate

 Share

Recommended Posts

Renegade7

Renegade7

Posted
Posted

Does anyone know someone who has the OCSP?  I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of.  I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).

 

https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

Link to comment
Share on other sites
SloppyOneXXVI

SloppyOneXXVI

Posted
Posted
On 9/18/2016 at 11:56 AM, Renegade7 said:

Does anyone know someone who has the OCSP?  I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of.  I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).

 

https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

 

I'm taking it right now, got my 21st box last night.  

I'm using virtual box and their "custom" image.  I haven't had any issues at all.  They say you can use the image from kali.org but might run into issues completing all the lab exercises.

  • Like 1
Link to comment
Share on other sites
Gamebreaker

Gamebreaker

Posted
  • Author
Posted
On 9/18/2016 at 11:56 AM, Renegade7 said:

Does anyone know someone who has the OCSP?  I'm ready to make the investment in the labs, but want to confirm that custom Kali VM they are talking about is the same one that they have a Virtual Box version of.  I run linux at home, and don't want to deal with VMware player unless I have to (been hit or miss in my years versus working with virtual box).

 

https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

I want to eventually earn this certification. Any guidance you find on the best way to prepare for it please send my way. 

  • Like 1
Link to comment
Share on other sites
tshile

tshile

Posted
Posted

What have we learned about firewalls and IoT devices?

Leave UPnP on and let endpoints punch holes in your firewalls. What could go wrong?

 

http://www.theregister.co.uk/2016/09/27/152463_hacked_cameras_deliver_990gbps_recordbreaking_dual_ddos/

Quote

The world's largest distributed denial of service (DDoS) attack has been clocked from the same network of 152,463 compromised low-powered cameras and internet-of-things devices which punted a media outlet off the internet.

Two concurrent attacks against French hosting provider OVH clocked in at a combined 990Gbps, larger than any other reported.

....

 

Link to comment
Share on other sites
tshile

tshile

Posted
Posted
On 9/22/2016 at 10:10 PM, SloppyOneXXVI said:

 

I'm taking it right now, got my 21st box last night.  

I'm using virtual box and their "custom" image.  I haven't had any issues at all.  They say you can use the image from kali.org but might run into issues completing all the lab exercises.

I'm actually just getting started with playing with the VM and reading the Metasploit handbook (just synced it to my kindle ;) ) I have a few questions

Are you going through the cert to get into the field, or are you already in the field and this is just part of your education/improvement?

How valuable have you found it to be, specifically related to the price?

Where do you realistically expect to go/use this knowledge?

Just curious....

Guy i know who's pretty into the security business said that Kali distro is about as good as it gets. He said it'd take me 45 years to set something similar up on my own ;)

Link to comment
Share on other sites
SloppyOneXXVI

SloppyOneXXVI

Posted
Posted
49 minutes ago, tshile said:

I'm actually just getting started with playing with the VM and reading the Metasploit handbook (just synced it to my kindle ;) ) I have a few questions

Are you going through the cert to get into the field, or are you already in the field and this is just part of your education/improvement?

How valuable have you found it to be, specifically related to the price?

Where do you realistically expect to go/use this knowledge?

Just curious....

Guy i know who's pretty into the security business said that Kali distro is about as good as it gets. He said it'd take me 45 years to set something similar up on my own ;)

 

I'll try to answer each question individually... but  I feel a long post coming....

I've been working in network security for about 5 years.  I have my Security+, CEH, and a computer science degree.  The OSCP was always touted as much harder than any other networking/security certification, and I wanted to see for myself.  And yes, it is really hard.

It can't be beat for the price.... IF.... and this is a HUGE if.... you at least have some background in pentesting/networking/programming.  If I had tried to take this course 4 years ago I would've hated it.  Some people on the forums complain they don't even know where to begin, and generally those people have very little background in security.  Everyone will have their weaknesses, but you need to know some programming (atleast simple python), basics of networking, and the basics of how Linux and Windows work.  I think it is 10000x better than any SANS course for 20% of the price.  However; you have to put the time in, I work on it about 3 hours daily, and it is like college where you basically read a book and teach yourself through exercises/videos.

I work in net defense consulting, so I'll use it to understand vulnerabilities better.  I think this class has taught me more about traffic analysis than any SANS course ever could.  I don't really see myself being a pentester full time though.  Honestly, the pentesting world is (generally) a giant scam, a company comes in, runs some nessus/burpsuite/openvas scans, prints the results, and then sends a bill to the customer.  There are good companies out there too, but the commercialization (if that's a word?) of network security scares me.  Also, life as a pentester means travelling a lot which isn't appealing to me.

Yeah the Kali distro is great, but I don't think it is light years better than a regular Kali distro.  I know some pentesters that actually use Windows.  It is all about preference, what tools you want to use, what you're trying to exploit, etc.  But yes, it would take forever to build.

And my final two cents that you didn't ask for:  Don't spend too much time learning metasploit.  It is a tool that is nice to know, but the class focuses on how exploits work, how to manipulate code, vulnerable services/OS versions, etc.  Metasploit is only a small part of the class/exam.

 

  • Like 3
Link to comment
Share on other sites
tshile

tshile

Posted
Posted (edited)

yeah i've got about 10 years (ugh getting old) as a sysadin and programmer with a cs degree.

most software development jobs are web/mobile development and i hate that work. i'd love some of the more hard core programming, but that would require moving or a terrible drive. so i'm screwing around with this stuff.

i'll have to see how much that cert costs :)

i should mention the book i'm reading is called the metasploit handbook, but it's more like you're talking about. it's written by the people at offensive security.

Edited by tshile
Link to comment
Share on other sites
PokerPacker

PokerPacker

Posted
Posted
19 minutes ago, tshile said:

yeah i've got about 10 years (ugh getting old) as a sysadin and programmer with a cs degree.

most software development jobs are web/mobile development and i hate that work. i'd love some of the more hard core programming, but that would require moving or a terrible drive. so i'm screwing around with this stuff.

i'll have to see how much that cert costs :)

i should mention the book i'm reading is called the metasploit handbook, but it's more like you're talking about. it's written by the people at offensive security.

I moved all the way to Texas to get a nice non-web-development/mobile job. ... Guess that didn't work out all that well :/

Link to comment
Share on other sites
PokerPacker

PokerPacker

Posted
Posted
16 minutes ago, tshile said:

aw that sucks dude, sorry to hear :(

Not the most ideal situation, but I'll have to make the most of it.  Saved up more than enough money make it through the end of the year/lease without any income, so I can try to enjoy my new-found free time.  Also, I've been blessed with a situation where my former boss has no reason not to give me a positive recommendation since I didn't do anything to get myself fired, and there's no conflict-of-interest of them preferring to keep me to themselves.

Plus I've got a phone interview today for a position that pays around 35% more and is in a field I want to get into.

  • Like 3
Link to comment
Share on other sites
Renegade7

Renegade7

Posted
Posted
23 hours ago, PokerPacker said:

Not the most ideal situation, but I'll have to make the most of it.  Saved up more than enough money make it through the end of the year/lease without any income, so I can try to enjoy my new-found free time.  Also, I've been blessed with a situation where my former boss has no reason not to give me a positive recommendation since I didn't do anything to get myself fired, and there's no conflict-of-interest of them preferring to keep me to themselves.

Plus I've got a phone interview today for a position that pays around 35% more and is in a field I want to get into.

Been there before, man, ended up on unemployment after not passing a 90 day review.  They were very supportive, but I had just moved into first apartment.  Had to pick up more hours washing dishes while looking for new work, but used that time to pick up some CompTIA certs as well.  You're a good dude, smart one, and cats like you tend to land on their feet.  Good luck.

Link to comment
Share on other sites
Renegade7

Renegade7

Posted
Posted (edited)

0-1 so far on my weekend project of root phone, install ssd in laptop, wipe desktop with fresh OS.  Verizon, you are horrible, controlling duchebags.  My phone is paid off, let me do me, dammit, I'm not bothering anyone.

Anyone find a way around qualcomm secure boot, or ya'll kinda meh to the whole rooting phones thing?  I'm trying to remove as much of this tracker bloatware as I can and use apps like applocker to help limit the reach of the apps I do want to use.

Looking to see if I can maybe just get a new ROM on there instead, like CyanogenMod, but that all sounds like wishful thinking now.

Edited by Renegade7
Link to comment
Share on other sites
PokerPacker

PokerPacker

Posted
Posted
2 hours ago, Renegade7 said:

0-1 so far on my weekend project of root phone, install ssd in laptop, wipe desktop with fresh OS.  Verizon, you are horrible, controlling duchebags.  My phone is paid off, let me do me, dammit, I'm not bothering anyone.

Anyone find a way around qualcomm secure boot, or ya'll kinda meh to the whole rooting phones thing?  I'm trying to remove as much of this tracker bloatware as I can and use apps like applocker to help limit the reach of the apps I do want to use.

Looking to see if I can maybe just get a new ROM on there instead, like CyanogenMod, but that all sounds like wishful thinking now.

I've been considering putting Cyanogenmod on my phone for awhile, but I haven't gotten around to it.

Link to comment
Share on other sites
Gamebreaker

Gamebreaker

Posted
  • Author
Posted (edited)

@Renegade7Before I switched to Apple I was always rooting my android phones. That was a while ago. A friend of mine left Verizon over them locking down the boot loader. Have you tried that xdadevelopers website? If there is a way to get around it I'm sure you'll find it there. 

Edited by Gamebreaker
Link to comment
Share on other sites
Renegade7

Renegade7

Posted
Posted (edited)
50 minutes ago, Gamebreaker said:

@Renegade7Before I switched to Apple I was always rooting my android phones. That was a while ago. A friend of mine left Verizon over them locking down the boot loader. Have you tried that xdadevelopers website? If there is a way to get around it I'm sure you'll find it there. 

xda is where I typically start when I root before.  I should've done it back when I was on a previous version of Android, paying for not making time for this.  Even stuff like one root click doesn't apply to sm-n910v.  I'm going to take a break and take care of my other two tasks then come back to this.  One of the things this also does is preventing me from going to a previous stock rom with older firmware, which was my next course of action.  I'll know when the brick risk is getting two high, but if ya'll come across something in your travels, I'm all ears.

 

Thank you both for your responses.

 

Edit:  Think I found something:   http://www.androidsage.com/2016/04/15/how-to-unlock-bootloader-on-verizon-galaxy-note-4-root-and-install-twrp/

Edited by Renegade7
Link to comment
Share on other sites
tshile

tshile

Posted
Posted

This is what I get for coming in and working right away instead of reading my rss app :(

 

Quote

GlobalSign screw-up cancels top websites' HTTPS certificates

Revoked certs may linger for days, locking people out of sites

http://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0

http://www.theregister.co.uk/2016/10/13/globalsigned_off/

 

I wasted so much time on this :( thanks gobalsign. asshats.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...