Messages - Lostyx

1
Hacking and Security / Benchmark Web vulnerability scanner
« on: February 20, 2015, 12:00:08 pm »
I saw some posts about web vulnerability scanners.

First, if you came here to complain that scanners are noisy, that they're for kiddies, etc.,
just don't. Go away. Go cry somewhere else.
Scanners are noisy; if you attack, you shouldn't use them, right.
But from a security point of view, when you're looking to find a big web application vulnerability (in a pentest, for example), it's great.
Yes, you have to know how to do it manually, but it can save a lot of time; we won't debate this here.

I'm here to show you this work:

If you have a hard time choosing, look at this:
http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html

The blog:
http://sectooladdict.blogspot.fr/

That guy did serious work; it's nice to read.

I recommend Burp Suite and ZAP as a proxy; if you have a personal opinion about some other tools, tell me.

2
Beginner's Corner / Re: The best vulnerability scanner!
« on: February 20, 2015, 11:52:01 am »
Well, scanners aren't that bad when you lack the time to do some stuff yourself.

Of course, you first have to read papers and learn how vulnerabilities work, starting with the nicely documented OWASP site.

Then you can start trying things yourself on different sites like hackme or hackthissite.

Once you get a grasp of it, take a look at ZAP, Burp Suite, w3af, etc. ... oh, and sqlmap, of course.

Everyone telling you to ban vulnerability scanners from your vocabulary doesn't know how much easier they make life when you try to find vulnerabilities.
The con is the number of requests they make... and it doesn't mean that you shouldn't test for vulnerabilities yourself.

If you learn "hacking", hum ... well, you will often end up using both scanners and manual tests.
They go together.

Although your message, "I got some results", means shit to me.
It doesn't prove anything; be more precise: I tested blabla and got blabla vulnerabilities in x times,
but bloblo found fewer vulnerabilities but was really fast.
Some samples are good too.

A good process when you talk with this community: show them that you did research and that you did your homework.

3
Hacking and Security / Re: WAF pro/con - which one to choose
« on: January 20, 2015, 02:56:17 pm »
I know I answer some of my own questions, since I'm not the type to just ask a question without looking for an answer first or studying it a bit :p

The main point was your point of view, and your feedback about WAFs you could have used in the past or still use nowadays! :)

And if you have interesting complementary information.

You never have too many opinions on a subject :)

Thanks for the answer!

4
Hacking and Security / WAF pro/con - which one to choose
« on: January 19, 2015, 02:29:23 pm »
Hey there,

I was studying some WAFs, and I would like to have your opinion on the question.

So it's a bit of a debate, but a constructive one please :)

First, I'm aware that WAFs aren't "the solution" but a solution, since they operate at layer 7 of the OSI model.
But still, I think that this is a nice solution for some websites. In my opinion WAFs are a good complementary solution, but developers must continue to be careful about how they write their lines of code! :p

So far, I have studied ModSecurity, NAXSI and IronBee!
By studied I mean put in place on a website and looked at the logs!
And well, I was quite surprisingly satisfied with how good a job they did :D
I will admit the whitelist principle of NAXSI is appealing and easy to put in place.
ModSecurity is quite heavy :O
And IronBee, whose lead developer is the founder of ModSecurity itself, well, IronBee is more difficult to assimilate, but it works pretty well.

And now I was thinking, yes, those WAFs are cool, but companies will most likely use some commercial WAF (like Imperva, SonicWall, Barracuda, and Citrix for example). I like the last one.

And it seems they offer a router on which the WAF operates, manually configurable (expensive for SonicWall and Barracuda, by the way).

And so I was looking for reviews and feedback from experience with those commercial tools (and the open source ones too, of course).

(And sorry for my English, be tolerant, I'm a nice guy :p)

PS: grammar nazis can correct me if they want, it's a way to progress :)

5
Found it on the Webs / Re: Muslims killing
« on: January 08, 2015, 09:41:58 am »
Well, I'm not a fervent replier here, but I read quite a lot.

And here I had to reply (yes, I'm French, and yesterday I was proud of the reaction of my country but also of other supporting countries, just a little parenthesis).

Fun fact (well, not really, but ...): one of the cops who got shot while he tried to stop them (with a single gun, that guy had balls) was Muslim...
Soooo yes ... Muslims killing other Muslims in the name of the same god, hum ...

6
Found it on the Webs / Re: Web for Pentester
« on: July 16, 2013, 03:04:44 pm »
Yup, since I started to learn pentesting, I found most of the information on this site.

It's really well structured, and the bootcamp is a good way to start web pentesting!

Dunno if I can't give a cookie, right? xD

7
Anonymity and Privacy / Re: Tracking back HTTP
« on: July 15, 2013, 01:43:10 pm »
How I keep my information safe: (I don't know how to track, actually :'( )

Well, first of all, like proxx, I don't use Google.
Most of my research went through DuckDuckGo.

Even if I'm using Tor, I don't think it really helps my anonymity, since there is probably some organisation having a router on it and doing their **** through it.

Hmm, this just reminds me I could say a lot, but there is this wonderful tutorial you should check for staying anonymous and protecting your data:
http://evilzone.org/anonymity/the-art-of-anonymity-9178/

I think it's a good read!
But the main point is: if you are on the internet, there will always be someone tracking you...
You can't stay 100% untracked... except if you go into a jungle and live like Tarzan ::)

8
Hacking and Security / Re: how secure is your computer?
« on: July 15, 2013, 10:19:21 am »
Those who claim that something is secure wear suits not hoodies.

Wearing a suit at work ... and a hoodie at home ...

I guess it says a lot ...

9
Hacking and Security / Re: how secure is your computer?
« on: July 15, 2013, 10:11:15 am »
Agreed.

People are sheep. At my job we call them Sheeople. We sell antivirus made from F-Secure, it is shit, the company I work for is shit, it is all shit. But I get money when people agree to buy the shit. I use my knowledge and social engineering to get these sheep to buy the shit that is shit.

Sorry gh0st, you are just a sheep. It's not hard, it is just beyond the scope of what you are willing to learn.

I can honestly say the reign of Apple and Microsoft is slowly, slowly, coming to an end. The generations coming after us are learning via memes and other media that what they knew isn't what is best. It is up to us and what we teach to help the future. I have seen and read more about open-source and the like in the last 5 years than ever. Let the geeks and nerds teach the up and coming.

Well, first, I love the shit part; second, you just summed up my mind in one comment 8)
But since I have some relatives still saying, "yeah, but I pay for an expensive system to be secure" ... it will take long to put an end to this evil reign.

Yeah, if you could just read some documentation to check for yourself if your computer is safe, it would be great, and the best way to look after your computer security.

10
I'm here to learn too, and really, this message, well, it put me in a good mood!

I can't agree more with what you say: you will never be the best.
