Re: [Full-disclosure] PenTest Market is for FREE Now

2012-04-06 Thread John Jacobs
{SNIP} If you wonder: What emplyers expect from pentesters/ IT security specialists? Would it be premature of me to think one of the things emplyers [sic] would expect would be proper spelling and proofreading, especially when making a product announcement peddling my wares? Cheers, John

Re: [Full-disclosure] one of my servers has been compromized

2011-12-06 Thread John Jacobs
Those considering Tripwire, I would ask that they take a look at OSSEC-HIDS; the filesystem change notification is outstanding, and with inotify() support you get immediate notification of changes. The monitoring and alerting of log files is also exceptional. I am not affiliated with OSSEC in any

Re: [Full-disclosure] one of my servers has been compromized

2011-12-06 Thread John Jacobs
Sounds pretty neat to be honest. But one thing I'm wondering is that if they have root, what's stopping them from turning that off? After all they need root to load the modules in the first place, so if they are in a position to want to do that, then they are in a position to turn

Re: [Full-disclosure] one of my servers has been compromized

2011-12-05 Thread John Jacobs
2. Do you think said phpmyadmin vulns are reasonable attack vectors in my case? I do; I believe this to be the initial infection vector. Scanning for PHPMyAdmin is frequent, and since it's likely that it was present in its default (or one of the default) URIs, discovery is
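The kind of scanning described in the message above, as an added example (not code from the thread or from any of its participants): a small detector that reads Apache/nginx combined-format access-log lines and reports source IPs that probe several common default phpMyAdmin paths in a short window, which is what an unattended scanner looks like. The path list, thresholds and the log lines are constructed for illustration.

```python
"""Flag phpMyAdmin discovery probes in web server access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Illustrative (not exhaustive) prefixes that automated scanners request when
# looking for a phpMyAdmin install; matched case-insensitively on the path.
PMA_PREFIXES = [r"/phpmyadmin", r"/pma", r"/myadmin", r"/mysql", r"/dbadmin"]
PMA_RE = re.compile(r"^(?:%s)(?:[/-]|$)" % "|".join(PMA_PREFIXES), re.IGNORECASE)

# Combined log format: ip ident user [ts] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Dec/2011:02:14:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [05/Dec/2011:02:14:02 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [05/Dec/2011:02:14:02 +0000] "GET /pma/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [05/Dec/2011:02:14:03 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 200 3120 "-" "Mozilla/4.0"
198.51.100.4 - - [05/Dec/2011:09:30:11 +0000] "GET /index.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Dec/2011:09:30:15 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 7001 "-" "Mozilla/5.0"
""".splitlines()


def parse_line(line):
    """Return {ip, ts, path, status} for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts,
            "path": m.group("path"), "status": int(m.group("status"))}


def is_pma_probe(path):
    """True if the request path targets one of the phpMyAdmin-style prefixes."""
    return bool(PMA_RE.match(path.split("?", 1)[0]))  # ignore query string


def find_scanners(lines, min_distinct=3, window_seconds=60):
    """Map IP -> sorted distinct probed paths, for IPs that hit at least
    `min_distinct` different phpMyAdmin-style paths within `window_seconds`.
    A single hit on an existing install is not reported; a burst of guesses is."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_pma_probe(rec["path"]):
            hits[rec["ip"]].append((rec["ts"], rec["path"].split("?", 1)[0]))
    scanners = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_window = {p for t, p in events[i:]
                         if (t - start).total_seconds() <= window_seconds}
            if len(in_window) >= min_distinct:
                scanners[ip] = sorted({p for _, p in events})
                break
    return scanners


if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG).items():
        print(ip, "probed", paths)
```

Run against a real log with `find_scanners(open("/var/log/apache2/access.log"))`; the status code is parsed but deliberately not used as a filter, because a 200 on a guessed path (the install actually exists) is the case that matters most.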

Re: [Full-disclosure] one of my servers has been compromized

2011-12-05 Thread John Jacobs
For future reference, and for the benefit of people searching for solutions to similar problems: You've made the most common rookie mistake. You have already trashed potentially critical information about the attack by trying to clean up the server first. Don't do that. Tim, while I do

Re: [Full-disclosure] one of my servers has been compromized

2011-12-05 Thread John Jacobs
Subject: Re: [Full-disclosure] one of my servers has been compromized From: ja...@zero-internet.org.uk Date: Mon, 5 Dec 2011 17:36:53 + CC: tim-secur...@sentinelchicken.org; lu...@sulweb.org; full-disclosure@lists.grok.org.uk To:

Re: [Full-disclosure] one of my servers has been compromized

2011-12-05 Thread John Jacobs
Why take the risk? You don't know what the attacker actually did until you do some analysis. If you do analysis before capturing a disk image, you're destroying evidence. Rebuilding a server is not hard. It has a known quantity of effort involved and reliably prevents further intrusion

Re: [Full-disclosure] one of my servers has been compromized

2011-12-05 Thread John Jacobs
Very useful, John Jacob ... really helpful. Do you maintain your blog or any other resource you want to share with us? Thanks a ton. Thank you for the kind words and I consider it an honor to have been helpful. I do not have a blog. I have enjoyed this thread, sharing what I know, and

Re: [Full-disclosure] Apache 2.2.17 exploit?

2011-10-03 Thread John Jacobs
http://packetstormsecurity.org/files/25728/w000t-shell.c.html It's a trojan, based on the w00t-shell.c code; the shell code adds a passwordless root account under the name w000t. Date: Mon, 3 Oct 2011 15:31:29 +0100 From: d.martyn.fulldisclos...@gmail.com To:
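A check for the artefact the message above describes (a passwordless UID 0 account appended to the system), written as an added example that is not code from the thread, from Packet Storm, or from the trojan itself. It parses /etc/passwd and /etc/shadow content and flags extra UID 0 accounts, empty password fields, and a few related inconsistencies. The account names and hash strings in the sample data are constructed placeholders.

```python
"""Audit passwd/shadow text for rogue root-equivalent or passwordless accounts (added example)."""

# Finding codes returned by audit_accounts()
EXTRA_UID0 = "extra-uid0"                 # UID 0 account other than root
PASSWD_EMPTY = "passwd-empty-password"    # empty 2nd field in passwd: no password needed
PASSWD_HASH = "passwd-contains-hash"      # real hash in world-readable passwd
SHADOW_MISSING = "shadow-missing"         # passwd says "x" but no shadow line exists
SHADOW_EMPTY = "shadow-empty-password"    # shadow hash field empty: no password needed

# Constructed sample data; "w000t" mirrors the account name named in the thread,
# the root hash is a placeholder, not a real crypt(3) output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
tim:x:1000:1000:Tim:/home/tim:/bin/bash
w000t::0:0::/:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$placeholder$placeholderhash:15300:0:99999:7:::
daemon:*:15300:0:99999:7:::
www-data:*:15300:0:99999:7:::
tim::15300:0:99999:7:::
"""


def parse_passwd(text):
    """name -> {pw, uid, gid, home, shell}; skips comments and malformed lines."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed; a real audit would report this too
        name, pw, uid, gid, _gecos, home, shell = fields
        try:
            users[name] = {"pw": pw, "uid": int(uid), "gid": int(gid),
                           "home": home, "shell": shell}
        except ValueError:
            continue
    return users


def parse_shadow(text):
    """name -> hash field (second column) from shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    return hashes


def audit_accounts(passwd_text, shadow_text):
    """Return a list of (account, finding_code) tuples, in passwd order."""
    users = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)
    findings = []
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append((name, EXTRA_UID0))
        pw = u["pw"]
        if pw == "":
            findings.append((name, PASSWD_EMPTY))
        elif pw == "x":
            if name not in shadow:
                findings.append((name, SHADOW_MISSING))
            elif shadow[name] == "":
                findings.append((name, SHADOW_EMPTY))
        elif pw not in ("*",) and not pw.startswith("!"):
            findings.append((name, PASSWD_HASH))  # locked markers are fine
    return findings


def uid0_accounts(passwd_text):
    """Convenience: every account name with UID 0."""
    return [n for n, u in parse_passwd(passwd_text).items() if u["uid"] == 0]


if __name__ == "__main__":
    for account, code in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {code}")
```

On a live host, feed it `open("/etc/passwd").read()` and `open("/etc/shadow").read()` (the latter needs root); comparing the output against a copy taken from a known-good build is more reliable than eyeballing the files, since an attacker can also hide an entry in the middle of passwd rather than at the end.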

Re: [Full-disclosure] Linux kernel 2011 local root does it exist

2011-05-18 Thread John Jacobs
. Please do not recommend a Linux key-gen, I do not pirate GNU/Linux!  I've seen many of these Linux torrents floating around and the last thing I want is to be sued over downloading Linux!  Amazingly many of them are right out there in the open too! Kind Regards, John Jacobs

Re: [Full-disclosure] Insect Pro - Looking for partners

2011-04-19 Thread John Jacobs
Insect Pro is actively looking for partners to expand the frontiers of Insect Pro and grow our penetration testing tool at a competitive level worldwide. Dear Sir, I would very much like to be a partner and I think this is an exceptional product that not only offers more than what is already

Re: [Full-disclosure] Linux kernel exploit

2010-12-08 Thread John Jacobs
Cheers, John Jacobs ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] NIPS/NIDS prodcuts: HTML evasions

2010-11-22 Thread John Jacobs
. If a vendor were to offer, say 20 evasions, well they would most certainly have our business because 20 is clearly more than 11 or 10 respectively. John Jacobs Patel Sr. Security Engineer Evasion Specialist Date: Fri, 19 Nov 2010 23:20:29 +0530 From: umamahesh.venk...@gmail.com To: full

Re: [Full-disclosure] targetted SSH bruteforce attacks

2010-06-17 Thread John Jacobs
Of course it's wise to disable password authentication and just use public key authentication. Why? Ssh is encrypted, so you're not exposing a password when you login. How does public key authentication make you more secure (in a practical sense)? Paul, it's more secure in that

Re: [Full-disclosure] Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

2010-06-11 Thread John Jacobs
Consequently, in my humble opinion I think there should be less focus on the emotional interaction between Microsoft and Travis' findings. Of course it's easy for me to assert this; when I wake up in the morning I don't have the same challenges of wading through a soup of emotional fog and

[Full-disclosure] Off Topic: Information Security research paper help

2010-04-29 Thread John Jacobs
I'm not the original author of this message; I saw it pop up on Snort-Sigs and as a graduate student myself I figured I'd give this guy a hand to get more visibility. I'm not so sure it's a troll. YMMV. -John Message below, unaltered: Hello Snort and Emerging Threats communities, this is

[Full-disclosure] Snort Sigs for ISC Twitter/Google Diary Annoucements

2009-05-15 Thread John Jacobs

[Full-disclosure] ISC Twitter/Google Snort Signatures

2009-05-15 Thread John Jacobs
Hello FD, first and foremost thank you for the strong effort and excellent signatures. As such, in an attempt to give back to a wonderful community, I humbly submitted the following Snort rules for inclusion into the ET signatures. A brief explanation is provided below: The first signature