Messages - lady__godiva

1
Hacking and Security / Re: war games / challenges
« on: November 15, 2014, 09:30:48 pm »
In pentesting you don't have to solve challenges. If you find a vulnerability then the app is vulnerable; if you don't find any, then the app is secure. In both cases, you did your job.
If someone hacks into your clients' systems you can always say that they were hacked by highly skilled black hat hackers! :)

Seriously, I'll just need some help here and there from time to time...

That is considered a bad attitude in pentesting. A vulnerability might not always be evident. The ability to spot these vulnerabilities makes the difference. It's not all about using automated tools, I think you know that. Anyway, there's nothing bad in asking for help.

2
Hacking and Security / Re: war games / challenges
« on: November 15, 2014, 08:23:34 pm »
I read somewhere that war games and challenges are a good way to get some practice and prepare for CTFs.
But if I can't solve a challenge after trying hard and studying the relevant (or what I think is relevant) material, may I ask for some hints here? Or is it frowned upon?

Most of the time you should just persevere. If you feel like you covered everything you needed about that specific topic then keep trying. Otherwise you should revise the material/technique. Getting a hint will help you complete the challenge, but I wouldn't recommend that, as in a real-world scenario (e.g. pentesting) you might not have any clue.

3
Hacking and Security / Re: [Help] Web Hacking
« on: November 14, 2014, 11:20:14 am »
Books get outdated, tutorials get outdated too. In general, resources get outdated. It doesn't matter to me, books vs tutorials or whatever, but I like resources that give a good explanation. You might say that reading a couple of tutorials and getting your hands dirty is enough; in my opinion it is not. Most tutorials just tell you how to do things, but you aren't really understanding why you can exploit a certain vulnerability and your skillset will always be limited. The truth is, it depends on what you are looking for.

Did you try this?
https://www.hacking-lab.com/index.html
Here's a list of challenges:
https://www.hacking-lab.com/Remote_Sec_Lab/caselist/

Thanks for sharing, I'm taking a look at it now.

4
Hacking and Security / Re: [Help] Web Hacking
« on: November 13, 2014, 10:58:09 am »
The authors of that book offer a lab full of challenges/exercises. The access to the lab is 7 dollars per hour if I remember correctly. I think that's the easiest way to put what you learn in the book into practice. The main advantage is that you can focus on single topics as you study them in the book as opposed to having to deal with full penetration testing when you're still not ready.
That would be the first time I pay for my education (OK, except for the university) and so I'll leave that as a last resort.
Here are a few resources I could use:
http://www.amanhardikar.com/mindmaps/Practice.html

True, the lab they provide allows you to experiment a bit, but in the long run 7$/hour can be quite a big amount. Unluckily I don't know many alternatives. There's Hack This Site, but personally I don't like it.

5
Hacking and Security / Re: Novice hacker - in need of advice
« on: November 12, 2014, 05:42:09 pm »
1) At the top of this section you can easily see the "Where to start hacking" thread. You should read that first.

2) There's no point in asking a question that you could answer yourself with a simple Google search.

My advice: Metasploit is not the best starting point if you are new to this.

6
Hacking and Security / Re: [Help] Web Hacking
« on: November 12, 2014, 05:31:14 pm »
That book is a really good one in my opinion and it can be considered a good starting point. It's well written and covers a wide variety of topics, but remember that it is a book. It is an excellent resource, but be sure to practice as you go on reading it. 900 pages are worth nothing if you do not put what you learnt into practice (legally ofc), also because only by practicing do you acquire full awareness and knowledge about that specific technique.

7
Anonymity and Privacy / Re: Best paid -no log- VPN?
« on: November 03, 2014, 10:04:01 am »
As bluedog.tar.gz said, you should create your own if you want to use a VPN. You may find out that there are some VPNs which might seem more reliable than others, some will be cheaper and so on. In the end, you will never be able to tell whether they keep logs and whether they provide good anonymity.

Creating your own VPN isn't that hard. There are many resources available for this. It's quite easy to find them on Google and maybe there's something about it in EZ too. If you create your own, you won't only have full control but you will also have the chance to learn something new, understanding how that stuff works and how it's done, which is always useful knowledge. On the other hand, you might make some mistakes while setting it up and configuring it, so be careful, pay attention and you'll be fine.

8
Hacking and Security / Re: Insecuriy of Facebook Security questions....
« on: November 03, 2014, 09:35:38 am »
What you are talking about is true. It's up to the user to choose an answer which isn't easy to guess. You are talking specifically about Facebook, but this is something that actually happens on most websites. Moreover, I find it interesting that most admins won't allow you (correctly) to bruteforce the login username/password, but will overlook how security questions can be bruteforced instead.

So yeah, the security question relies too much on the user itself, which is a negative thing.