December 17, 2017, 09:42:28 AM
Welcome, Guest. Please login or register.

"640 K ought to be enough for anybody." -- Bill Gates

Poll

What are you most intersted in learning?

Wireless Security
10 (16.7%)
Network Security
14 (23.3%)
Information Gathering
4 (6.7%)
Remote Exploit Hacking
6 (10%)
Local Exploit Hacking
1 (1.7%)
Cracking Passwords
4 (6.7%)
Social Engineering Toolkit
1 (1.7%)
Fast-Track
0 (0%)
Metasploit Framework
7 (11.7%)
Phishing & Harvesting
1 (1.7%)
Python Programming
8 (13.3%)
Basic Linux Stuff
2 (3.3%)
Other
2 (3.3%)

Total Members Voted: 57

Author Topic: Forum Topics  (Read 6643 times)

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Forum Topics
« on: July 14, 2011, 04:04:20 PM »
I am looking for feedback for the main website. I will be making a lot of tutorials, PDF's, and a ton of valuable information which will make the site awesome. In the poll, if you selected other, please specify what other means. There are many topic that could be picked but I think this is far enough for now.

Chaser

  • Guest
Re: Forum Topics
« Reply #1 on: July 18, 2011, 12:38:46 PM »
That's a good one. Because I could only vote for one, I voted network Security. Mainly because I'm working with networks (Windows Server 2003/2008).

But everything on the list looks interesting!

mwin58747

  • Guest
Re: Forum Topics
« Reply #2 on: July 19, 2011, 02:32:45 PM »
information gathering hands down.

Offline iamwhatiam

  • Enthusiast
  • **
  • Posts: 73
  • Internets: +1/-0
Re: Forum Topics
« Reply #3 on: July 20, 2011, 11:03:59 AM »
Raven, I would like you to include SSL Stripping. I am going to post something about SSL stripping. Its basically an issue encountered during MITM attacks. Unlike the videos out there, showing successful SSL Stripping just by running it. I am not sure if any here are aware of the fact that sslstrip v0.8 has bugs(the one that comes default with BT5). It actually needs to be upgraded to v0.9

My suggestion here would be a tutorial on using sslstrip + possible issues encountered (this could help first time users a lot)

Thank you for your time Raven!

Peace \/

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: Forum Topics
« Reply #4 on: July 20, 2011, 11:17:26 AM »
Thanks guys, all this sounds great!

Offline DJ-rb

  • Prospect
  • *
  • Posts: 43
  • Internets: +0/-0
    • My Personal Site
Re: Forum Topics
« Reply #5 on: July 27, 2011, 07:09:22 PM »
For the record I am interested in ALL of that :)

Offline Lai Khe_66

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 2
  • Internets: +0/-0
Re: Forum Topics
« Reply #6 on: December 06, 2011, 11:22:08 AM »
It would be nice if more than just one option could be chosen, I am just as excited about other options as the one I chose. Also if the scale for each additional option chosen increased it would let others know that other options would be covered  in depth as well. At present the chart indicates only a couple topics  are the main focus of everyone and obviously that’s not the case.

Just a thought!

Lai Khe 66

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: Forum Topics
« Reply #7 on: December 11, 2011, 04:33:34 PM »
Metasploit Framework for sure! Since there's so much to it now with all the new Auxilary modules, Karmetasploit, Meterpreter and stuff it can get confusing for people real quick. It's also fun to play with.
"It's mind over matter, If you don't have a mind then it doesn't matter

Youtube  Channnel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: Forum Topics
« Reply #8 on: December 13, 2011, 12:52:42 AM »
Yeah that is coming up after my SQL injection course

Offline Malachai

  • Top Hat Member
  • Super Elite
  • ********
  • Posts: 2806
  • Internets: +18/-7
  • #!/bin/sh Day/Night (Grey Hat)
Re: Forum Topics
« Reply #9 on: December 15, 2011, 03:39:40 PM »
yes I have to agree that network security is what i like to learn since my new roll at work is networking. For a new n00b that doesn't know much that would help. But all the topic seem like a good idea down the road.
** Dont' judge me! **

*//
  Hope that Firewall works because your SCREWED  
  //*

Offline WW of OZ

  • Professional
  • ****
  • Posts: 275
  • Internets: +1/-0
  • Dragon Clock Security
Re: Forum Topics
« Reply #10 on: December 28, 2011, 11:10:32 AM »
I voted Network Security however I think Wireless Security is a big one and also if anyone is going to be truly pentesting anything larger than their home I think a good understanding of Social Engineering is a must. Nothing can kill a security system like an IT Team Member who offers up information to easily.
Who's the mage Whose major itinerary
Is making all Oz merrier? Who's the sage
Who's sagely sailed in to save our posteriors?
Whose enthuse for hot air ballooning
Has all of Oz honeymooning? Who - oo -oo
Wizn't he wonderful? Our wonderful Wizard!

Offline Malachai

  • Top Hat Member
  • Super Elite
  • ********
  • Posts: 2806
  • Internets: +18/-7
  • #!/bin/sh Day/Night (Grey Hat)
Re: Forum Topics
« Reply #11 on: December 28, 2011, 11:45:51 AM »
I voted Network Security however I think Wireless Security is a big one and also if anyone is going to be truly pentesting anything larger than their home I think a good understanding of Social Engineering is a must. Nothing can kill a security system like an IT Team Member who offers up information to easily.

Yes I have to agree on that. I know when vender call me over the phone or ask me questions in person about our system I don't tell me much or how we have it configured... I learned from reading online how admin share information and then it comes back to bit them....

Yes all the topic are good. But for me network security/ network scanning/ and wifi is what I like...
** Dont' judge me! **

*//
  Hope that Firewall works because your SCREWED  
  //*

Arvakr

  • Guest
Re: Forum Topics
« Reply #12 on: February 20, 2012, 09:18:32 AM »
The Poll should have an all of the above option on it because that is what i am trying do learn everything i can

Offline th3gr1m

  • Prospect
  • *
  • Posts: 7
  • Internets: +0/-0
  • 'Within Chaos...There is Profit'
Re: Forum Topics
« Reply #13 on: March 09, 2012, 08:10:04 PM »
Difficult pole. This goes in order from what I can see. You use information gathering (gather.py) or similar python scripts to determine wireless/remote security vulnerabilities that allow you to remote or locally exploit a network, which consist of cracking, penetrating, and harvesting using the social engineering toolkit in Fast-track, and the MSF!!

I think it would be cool to taylor your tutorials similar to the OFSEC guys. I would just start from the beginning. Me personally, I would like to know more on pentesting, privilege escalation, and using the exploit-db (which I believe is done through sql injection??.) I have messed with the msfconsole and fast-track a little to the point where I can create phishing/harvesting tools, social engineering tools, and payload and listeners. I would steer clear of basic linux stuff and programming because there is more open source support online for these already. Basically, no need to reinvent the wheel.
« Last Edit: March 09, 2012, 08:21:43 PM by BostonGeorge »

Offline th3gr1m

  • Prospect
  • *
  • Posts: 7
  • Internets: +0/-0
  • 'Within Chaos...There is Profit'
Re: Forum Topics
« Reply #14 on: March 09, 2012, 08:16:26 PM »
Raven, I would like you to include SSL Stripping. I am going to post something about SSL stripping. Its basically an issue encountered during MITM attacks.

This is the biggest vulnerability to the casual 3rd party in my opinion. Just crack the network, nmap the site to see what is running, port forward and set ip tables through a port, run sslstrip, begin arpspoof of the victim, then just in case run ettercap. This is why I use caution with public networks!

Raven, what were the primary issues of the older release? I have seen a ton of errors at times for reasons beyond me. Is this what you are referring to?