Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Alin

Pages: [1] 2 3
1
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: January 05, 2014, 02:49:29 pm »
Quote from: Phage on January 05, 2014, 01:20:54 pm
[size=78%]Alin; Exactly, claiming! A lot of people are claiming to be pen testers just because they have found a vuln or two on a website. And you can do just fine without Python and C. I know a really successful Pen tester and he uses Perl instead of Python and he's not particular good at C. He's a web app/network pen tester. It's not all about which languages you know etc. It's about how you apply your knowledge to the job.[/size]


1. I agree this is out of topic.


Again you go with the specifics of my examples. If you want you can replace Python with either Haskell, Perl or Ruby. The point I'm stressing is that lot of the people who come in here know none of the languages or have only written simple hello world in one of them. The guy you mention might prefer Perl, but he's still fitting in the box as a pen tester who knows technicality and that is what I'm trying to say.

2
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: January 05, 2014, 01:11:46 pm »
Quote from: Phage on January 03, 2014, 01:54:56 am
Hacking is not only about pointers in C! And you can definitely be a successful pen tester/security consultant without knowing any C. I think you need to look at the broader picture and realize that there are many fields of hacking and many directions that doesn't require you to know C.


You can clearly see from my post that I was just making examples e.g. python or C. If you don't know either, you are not gonna make it as a successful pen tester in a technical environment. I might be stepping on some people here, but it's damn correct and I know a lot of people claiming to be pen testers.


I guess there is a reason why there are no discussions on security frameworks like ITIL, Sarbanes Oxley or any ISO standard, and that's because they are only compliance and not technical at all. Yes you can be a great security consultant knowing these frameworks and compliance rules, but they are not part of the technical discussion that are/should be happening in here. I'm not saying they should be disregarded as potential topics I'm just saying the categories available implies this being technical forum and lately the technical level have been low.

3
Hardware / Re: Which laptop would you choose?
« on: January 02, 2014, 02:32:28 pm »
Quote from: lucid on December 07, 2013, 10:55:21 pm
From what I hear it is, but I've never had one either. I also don't see why you'd need more then 8gb of RAM in a laptop... not that it hurts. What about brand names? Because I would never buy another Asus for example.
I think he means about compatibility.


8gb are fine for most laptops, but when you want to run some VMs it quickly becomes a shortage. I usually go for 4gb each for Windows XP and 7 and then you might want another unix distro as well. If you go full SSD and don't have to worry about paging due to speed it's not that big of a deal though.

4
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: January 02, 2014, 02:19:41 pm »
Quote from: ande on December 09, 2013, 05:12:18 am
I am not quite sure I know what you guys mean. Looking at the forum statistics, we are doing just as fine as we have done for a long time. Not that I am as active as I once was, so maybe I don't have the full picture but nonetheless.


Well certainly statistics don't reveal much other than the site is being visited and that some people are posting. It does not reveal the fact that in general the discussions are based on basic knowledge to the general infosec guy and the level is quite low and uninteresting. I get the idea that as a forum it is important to be welcoming, but when most of the new people are here to learn about python and don't get the idea of pointers in C something is wrong as a "hacking community".

5
Hacking and Security / Re: Acoustic Cryptanalysis
« on: December 20, 2013, 07:42:54 pm »
Quote from: Matriplex on December 20, 2013, 07:31:54 pm
Damn, I just read something on this..
Really interesting concept. Not bringing my laptop out in public anymore, not that I do it much anyways.
You are safe in public. This attack is nice because we would not believe it to be possible. It's not something you could use in practice and you might as well physically talk the guy into surrendering his key.


I do agree the idea is awesome and it's ever more awesome it "works" in a perfect environment.

6
Hardware / Re: Which laptop would you choose?
« on: December 07, 2013, 09:22:36 pm »
I would never buy anything without SSD and at least 16 gig of RAM.


What are you using the computer for?

7
Hacking and Security / Re: What Should I Learn Next?
« on: December 07, 2013, 11:47:04 am »
Quote from: Matriplex on December 07, 2013, 04:28:50 am
Well. That was a little rude to be honest.
I don't mind being negatively criticized if I deserve it, however right now I don't believe I do.
These forums were made for people to learn and discuss hacking and security. If you don't want to contribute to that I think you'll find that you have a hard time fitting into this society.

Yes. They are languages. And yes, I have learned them.

I did learn my "shit", if I hadn't why would I be here now, would I? I would be "back at the drawing board hacking some shit."

Maybe you had a bad day or something, and if so I don't blame you for coming on here and flaming a person you don't know jack about. But please, next time refrain from doing so because all it does is add negativity to the environment and put other people down.

I'd be grateful if I got a serious answer from a mature person (like lucid, thank you very much).

@lucid

I'll check out Postgre and Oracle, I'd heard of them but never really looked into it.
You're right, there is so much out there, and I don't think I'll ever learn it all. Hopefully I can learn enough to have the knowledge be of use one day though.
Thanks for the suggestions!


Sorry for my outburst, I must admit to have had a little too much of alcohol, but the opinion I wanted to express is still the same. Why go looking for new topics to learn, when you most likely still have a lot to learn about the topics you known of?


You most definitely should not go and read the art of exploitation. You could, but it wouldn't be useful at all as you would end up knowing of a lot of thing, without actually being able to do anything useful with them at all.

8
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: December 07, 2013, 01:04:15 am »
I'm also sorry for bringing up this old topic, but I'm really surprised by the reaction towards the use of "hacking" services by different governments. I don't know if the recent revelations just make you believe NSA is the only agency using the services, but you must never forget that NSA are working together with other top agencies around the world.


Why should the agencies not use these services, and why should people not provide these services? The internet do not have any general laws, and I am not aware of _any_ country that prohibited the use of bits and bytes and therefore no country has forbidden hacking by laws. In most countries, the use of hacking is prohibited by e.g. stealing data, but the question of "borrowing" a computer has never been raised. We will see a lot of malware mining some kind of online currency in the future, but is it illegal to borrow CPU resources? And do not just say yes, because in general there are no countries that has any specific laws with regard to this problem.





One must realise the use for intelligence agencies and it's not investigating what the wankers here at evilzone do. We are simply not a target, due to lack of intelligence in here. The pack of newbies in here makes the forum non-interesting for government agencies.


Stop bringing up moral questions about "hacking" as they are out of the scope, we must discuss what is really going on.


And at last, stop being naive. If the underground is using 0 days to target certain companies, why should the government not do so? Should moral be the reason _not_ to catch a bad guy? Have you ever watched a cops TV show and complained about the police breaking rules to catch criminals, cause they are doing it all the time.

9
Hacking and Security / Re: Can a Network admin know if I make a new account ??
« on: December 07, 2013, 12:14:03 am »
Connecting from 192.168.0.2 to 192.168.0.3 will require a common gateway to assign internal network IPs, thus will be traceable yes.

10
Hacking and Security / Re: What Should I Learn Next?
« on: December 07, 2013, 12:06:23 am »
Quote from: Matriplex on December 06, 2013, 02:59:04 am
So far I think I have done pretty well with teaching myself web security and how it is broken into. I have learned about LFI, RFI, XSS, SQL injection (yes I know..), and learned PHP, XHTML, HTML5, CSS, and am now learning JavaScript.

However now I am really not quite sure where I should go next? Should I just move on to a completely new topic, like processor exploits as explained in Hacking: The Art of Exploitation V.2, or continue with another subject of web security?

If web security what would you guys suggest I learn about next? Thanks.
So.. You won the bullshit bingo and know the terms LFI, RFI, XSS, and SQLi as well as the "languages" PHP, XHTML, HTML5, and CSS.. In other words if I gave you a test you would probably fail every single one?


You should learn your shit, you don't know web hacking by knowing the terms... Get back to the drawing board and get to hacking some shit...

11
Tutorials / Re: Introduction to ARM exploitation and shellcode part 1
« on: December 02, 2013, 08:58:16 pm »
Awsome.. A cookie for the contribution and looks ok

12
Hacking and Security / Re: Null encoding
« on: September 11, 2013, 10:57:39 pm »
Quote from: Deque on September 08, 2013, 02:34:11 pm
It's an encoding, not a cipher. The goal of an encoding is not to secure a text from being read, because the algorithm is all you need to know in order to decode it (and security by obscurity is sure not something desireable).
A cipher would have a key, so that the knowledge of the algorithm isn't enough to decrypt it and you can use different secrets for different messages (cracking one message won't help cracking all of the others immediately too, this way you can have different persons send messages to using different keys, without fearing that one person might be able to read the messages you send to the other)

Criticising null encoding for being easy to decode is the same as criticising base64 for being easy to decode. It doesn't make sense at all. An encoding should be easy to encode and decode.



A ciphertext does not have to be encrypted the way you define encryption (assymetric or symmetric keys). A substitution cipher is a weak encryption and one of the first described forms of creating cipher texts in history along with the caeser cipher.




Substitution cipher of the same word, but the cleartext is not "easily" known without knowing the alphabet/substitutions:
fpggrr
viuu66
fbppee


I'm sure you are well aware of all this, it's just for reference to other readers


The "null byte encoding" described is a fixed substitution, but it still is basically a substitution cipher and at first deciphering the method of cracking is the same as when the algorithm is unknown.




One reason compare the described encoding to a substitution cipher is TS's comment on "hiding"/securing text for people using the encoding.

13
Hacking and Security / Re: Microsoft warns it'll hand out zero days for Windows XP.
« on: August 17, 2013, 02:07:14 pm »
The title is a bit a play on words. They are not handling out zero-days, but when patching issues in successors to XP that heavily rely on much of the same code, they will reveal the issues that are present in XP.

14
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: August 07, 2013, 08:08:38 pm »
Quote from: proxx on August 07, 2013, 08:41:30 am
You forgot option 5.
5.get sued by some company for being an evil terrorist ..
Again, kidding me? Do you have any idea about the laws for these kind of things? Selling applications is not illegal in any country yet, that same ting goes for an application that exploit flaws in other computer software.
On the other hand the laws for reverse engineering of software is very fuzzy.

There exists a number of legitimate businesses that makes money on selling exploits as well as software that could be considered malicious..

@ kenjoe41 - actually the open source community is well known to take security seriously, I suppose you don't have any experience coordinating vulnerability disclosures. The problem with some open source projects is that they are hobby projects and are not always maintained. Some projects are abandoned and only community driven, others are actively maintained and bugs are fixed in a matter of days.

15
Hacking and Security / Re: hackingteam.it - How is this legal/allowed?
« on: August 06, 2013, 07:53:52 pm »
Quote from: Mordred on August 06, 2013, 12:56:01 pm

Wow man, thank you for the resources! +1 cookie for you sir!


This @thegruqg guy is... dont have words to describe. Puss of society, a human infection. Fucking cuntbag maybe? Instead of offering the exploits ONLY to the original developers so that they can improve their product and offer better security to their users, he sells it to motherfucking government agencies so that they can spy on the population in a more easy fashion. I'm raging so fucking hard now... Fucking hell.


@proxx: standard human species situation. Bullets or cyberbullets, the difference is just the "cyber" part apparently.
Are you kidding me?


When having a 0-day you have four options;
1. Sell it on the black market and make potentially a lot of money.
2. Sell it to a company like ZDI.
3. Send the shit to full disclosure and get famous.
4. Coordinate release with vendor and expect 5-10 e-mails and 3-4 months until some random french idiot gets the point and then a couple months more testing 3-4 patches that does not fix the problem.


Guess I'm keeping with the first.

Pages: [1] 2 3