lattera

Members
  • Content count

    514
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by lattera

  1. I just downloaded those two. I like them. I also bought the professional edition of Burp Suite and I gotta say I'm impressed.
  2. You don't decrypt a hash. Given the salt used (if one is used), you can brute force for the plaintext or a collision.
  3. I'll be there. I say we should meet up. This'll be my7 first Defcon, so I don't know how previous BinRev Defcon meet-ups work. Do we need to set a location and a day/time?
  4. Sorry for the late reply, been a very busy and completely random couple of days. So I didn't really mean "Intrusion Detection" to be interpreted as an IDS, like Snort. I meant it in a more generic way, as a method of logging and auditing. I also didn't mean "logging in" as getting a shell or logging in via RDP (we're a Microsoft, no ssh, just RDP, heh). I meant logging into our product, a web app. We don't properly log failed and successful login attempts. Since IIS doesn't log POSTed data, we still don't know if he got in successfully and which accounts he got in with if he did get in.
  5. SSL IRC is now fully and permanently enabled.
  6. Look into and practice SQL Injection and Remote File Inclusion.
  7. Welcome to BinRev! It's really hard to answer precisely a broad question. What kind of security are you interested in? Are you interested in learning web security or lower-level like buffer overflows, format string bugs, integer overflows, etc. or something else altogether? We're all here to learn and to teach, so let us know what exactly you're interested in.
  8. SSL is still down. The colo company needs to be contacted since the firewall rules keep getting reset. Sorry it's taking so long to get SSL stable, just been a busy few weeks.
  9. you could just run the real programs, like if you root it theres no need for a skype "app" you could just run skype Not true. Rooting allows you to take full control over the phone, treating the phone as a full computer. It allows you to tether. It gives you access to development apps that aren't shipped on stock phones. It allows you to run custom firmware. Rooting allows you to change the way Android looks. Change the theme, the bootloader, the on-screen keyboard, etc. You can also connect to an OpenVPN network if the firmware supports it. Sounds schnazzy, I have Verizon as a service provider, would I loose my cellphone/dataplan service if I upgrade and root, or is that something hardware level? Nah, you won't lose service at all. Rooting doesn't deal with the service you receive from your carrier; it just puts you in control of your device. I would definitely go for their new EVO phone. I've been looking at it somewhat today and I'm impressed with what I see.
  10. We don't do that here.
  11. It's an actual, production copy of the kernel and can be installed on current Win2k3 hosts. Here's a screenshot of a forums posting detailing how to install the kernel.
  12. I'd rather not post links, but it can be found via a popular hacker mailing list. It's the Windows Research Kernel, meant for academic study and downloadable only by MSDN Academic Alliance Administrators (professors). The source code is only the Win2k3 kernel source code and can be compiled and installed on any Win2k3 x86/64 box. edit[0]: Added one word.
  13. you could just run the real programs, like if you root it theres no need for a skype "app" you could just run skype Not true. Rooting allows you to take full control over the phone, treating the phone as a full computer. It allows you to tether. It gives you access to development apps that aren't shipped on stock phones. It allows you to run custom firmware. Rooting allows you to change the way Android looks. Change the theme, the bootloader, the on-screen keyboard, etc. You can also connect to an OpenVPN network if the firmware supports it.
  14. That router looks pretty freaking sweet. I might have to switch to that now that I'm hosting services.
  15. lol this. anyways....c'mon guys I'm not black hat, but it seems this forums policy (I could be wrong) is that you should make giving advice to hacking, legal. Knowing that, when someone comes on and possibly makes up some bogus story, that should put you at ease knowing you won't be hurting yourself or this forum giving this person advice on how to get into "his network." I mean really guys, I'm not saying teach everyone how to be blackhat, I'm just saying if you have the knowledge, share it and let someone else decide how to use it. That's why were on this forum in the first place isn't it? To teach and learn. ./endrant Well, the issue at stake is that supposedly this person owns this computer and somehow isn't able to get the password to their own computer because their IT outsourcing client is holding it ransom. The only real solution to the problem is fire that IT outsourcing company. They don't deserve to even be in business if they're acting like the original poster is relating. I do believe legal action could be taken as well, but I'm no lawyer. The solution is NOT to hack yourself, but to punish this company.
  16. Simple solution: fire them, hire me.
  17. The Droid Eris has finally been rooted. Good luck and have fun!
  18. It's really hard to answer a vague question without giving a broad answer. What in specific interests you about each of those areas? Have you already done some research? Tell us what you've found, maybe we can brainstorm some ideas off each other.
  19. The Droid Eris hasn't been rooted, yet. I've owned a G1 and a MyTouch 3G. I currently use my Nexus One. I bricked my G1, but I still have my MyTouch 3G, rooted. I Rooted my Nexus One as well. I love Android, and some would say I'm an Android fanboy. Once rooting is an option for the Droid Eris, I'd definitely root it.
  20. That's what a well-funded emergency fund is for. Right now, I could get into a car accident and lose my job in the same day and still live for a full year without having to worry about getting another job. Also, you should never, ever start a business without having another full-time job. The majority of start-ups fail within the first five years, leaving the founder in large amounts of debt. It's only when your start-up makes as much money (or more) than your current full-time job that you should quit your current job. Granted, I've never founded a successful company before, but I have many friends who have either started and failed multiple times or started and succeeded. The ones that succeeded kept the business out of debt.
  21. Exactly why I don't own a credit card. If I keep saving and investing like I currently am, I can buy a house in cash in full in four years.
  22. I'll be buying a blu-ray burner next week.
  23. SSL is currently enabled, but the firewall rules keep getting reset, blocking SSL. Use non-SSL (port 6667) for now.
  24. That may be a problem if you ever intend to buy a house or start a business. Also, they're actually quite useful for keeping a moving a cashflow if you know how to manage them correctly. Very handy if one needs a rental car, too. I do not think rental companies will accept Visa Debit Cards. That's actually a very popular myth. I've rented a car on multiple occasions from different renters using my debit card.
  25. I've never owned a credit card, nor do I plan on ever owning one.