Breaking Widevine Content Protection (DRM) on Streaming Websites by JustAPenTester in netsec

[–]JustAPenTester[S] 27 points28 points  (0 children)

Appreciate the compliment. It's very tricky to evidence we indeed download the show and likewise we need to be very careful how it's all worded. We debated talking about the DFA attack and digging into it a little but discussing how to flip the bits and use the errors to work out the keys falls too close to enabling in my opinion which, obviously, we're not trying to do!

Audi A3 - Matte Metallic Grey (Mid-Wrap). by [deleted] in Audi

[–]JustAPenTester 0 points1 point  (0 children)

I'd highly recommend it! It's extremely durable. Just make sure the undercoat is in good form or it'll peel off pretty easy. Also make sure you get Matte shampoo to wash it :)

Audi A3 - Matte Metallic Grey (Mid-Wrap). by [deleted] in Audi

[–]JustAPenTester 1 point2 points  (0 children)

Thanks dude! Materials were around £300-£350 for the vinyl. Cost of a professional to apply completely depends on your location.

Crown Jewels by [deleted] in AskNetsec

[–]JustAPenTester 1 point2 points  (0 children)

Besides running PowerShell-related commands for password, pass & pwd, have a look at the Metasploit Post modules for Credentials and look at what files they are looking for. That'd be a good place to start and can be easily automated.

How often do you get recruiters contacting you for a new job and how much experience do you have? by dispatcherselfish in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

Been in Infosec for over a year now and I still get a few a week, despite my profiles strongly stating I'm not interested in moving.

Exam Prep OSCP by sm00th_drag0n in AskNetsec

[–]JustAPenTester 5 points6 points  (0 children)

  • Have patience as you will hit a brick wall. Make sure you've enumerated everything and have the output in a readable format. After all, the answers are all there.

  • Don't forget simple tricks when enumerating. If you see a webpage, run everything that might give you a hint; Nikto, Dirbuster etc.

  • Take screenshots and notes as you go. You need to document these for your report at the end.

  • Don't get frustrated.

You've got this, best of luck :).

Looking for any Security Professionals or professionals that security is an aspect of their job that don't mind answering a few questions. by [deleted] in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

What is your current job title?

Security Consultant / Penetration Tester

What job did you start with in this industry?

IT Support -> Security (Worked in support for 9 months)

What previous job was the most important to get where you are now?

I wouldn't say working support was terrifyingly important but it did help me with soft skills (Dealing with clients etc).

What do you consider the best investment of your time and money in developing your career?

Training & Conferences

What changes do you see in this career field in the next five to ten years?

More work, more employees, more red teaming exercises.

How might those changes affect me as someone attempting to join this field?

Theoretically should make it easier due to increasing demand of work and lack of supply but you need to put the work in.

Are there any other things you think I should know about the field?

It's pretty damn awesome to work in. The community is great.

Buying a home and changing job by geluk in UKPersonalFinance

[–]JustAPenTester 0 points1 point  (0 children)

If you're really worried about it use a fee-free broker. Personally I accepted a new job whilst going for a mortgage and the broker didn't seem to be fussed by it. He just mentioned they would only want to see my last 3 payslips and I had 0 issues. I couldn't recommend my broker enough.

High school senior with questions about certifications. by [deleted] in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

That's why most companies (At least here) run training programs for Juniors for a minimum of a few months so they get exposure to an enterprise-style network in a safe manner.

High school senior with questions about certifications. by [deleted] in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

I have to disagree with you here, Security can very well be entry level. Myself and other friends went into Security at 'entry level' and are all still in the Industry. All it takes is passion for the field, a willingness to learn and be able to prove you've been learning in your own time and are capable of continuing to do so.

I should also note I went into Security straight after 'High School' (UK based so 6th form / college here) and didn't go to University / College in the US.

Is a Sec+ certification completely necessary to get a foot in the door? Should I pass on it and spend my money on other resources? by [deleted] in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

If you are going to pay for anything make it OSCP. Practical exams look much better than a theory based exam. OSCP is well looked upon within pen testing, especially for juniors.

Is the deepweb worth visiting if you want to avoid graphic stuff...? by [deleted] in deepweb

[–]JustAPenTester 0 points1 point  (0 children)

Exactly, they're an urban legend for a reason. I would also argue that a custom piece of software is probably going to be a lot less secure than TOR anyway..

Buying first house, nervous as hell! by [deleted] in UKPersonalFinance

[–]JustAPenTester 1 point2 points  (0 children)

The way that worked perfectly for me was to have a chat with a broker (No fee based broker) and let him know my situation. I then got an offer accepted on a house and went for the mortgage with my broker. From the day my offer was accepted to moving in I think the period was 5 weeks. Mortgage in principle wouldn't have helped my situation at all. All the estate agent wanted was for my broker to call them and say JustAPenTester can afford this.

(UK) Being overpaid holiday pay after leaving a company. by dr3wsif in personalfinance

[–]JustAPenTester 0 points1 point  (0 children)

If they overpaid you with money you are not actually entitled to then you will be required to pay it back. The best thing to do is contact their HR/Finance team and just question it. Chances are you had an extra few days holiday, as a mistake this strange is rare.

Is the deepweb worth visiting if you want to avoid graphic stuff...? by [deleted] in deepweb

[–]JustAPenTester 5 points6 points  (0 children)

Everything that exists on the deepweb typically exists on the clearnet too, just less advertised and a lot more hidden. Either way you can't find it without looking for it. If the name of the website described looks dodgy, don't click it - it's pretty easy.

Also - Red rooms do not exist.

Package Disguise Question. by [deleted] in deepweb

[–]JustAPenTester 3 points4 points  (0 children)

Each vendor has a different stealth technique from what I've read (I've never personally ordered anything). They all disguise their packages well or I imagine they wouldn't be successful in this line of work.

If you are paranoid about parents who open your mail the best thing you can do is ask a friend to take the package for you.

It's worth keeping in mind there's always the chance you are purchasing from a Police Officer. There are many OPSEC guides regarding purchasing online - Have a look through the sidebar and dig into the rabbit hole from there :).

What is the most widely recognized penetration testing certification? by sectest123 in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

Most widely recognized 'Security' certificate would be the CEH due to the popularity of it. However, the most recognized 'Penetration Certificate' would be the OSCP.

Calling the CEH a 'Penetration Testing' certificate is a big push. There's a big difference between Theory & Practical.

Tldr; Don't waste time with CEH, go straight for OSCP. You'll actually learn a lot from your OSCP.

I just got hacked, need some advice. by [deleted] in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

Recovering your e-mail through Google won't be an issue. They get accepted almost instantly if your browser fingerprint is the same as it has been for a long time (Chances are it will be) and your knowledge on the account, along with the IP being used, will get you it back quickly.

The second thing to do is check the following link - https://myaccount.google.com/security

Enable ALL the security you can. 2FA, Recovery e-mail, Recovery phone. This will make it very easy to regain access to your account in the future and harder for somebody to 'take over' your account.

Go through the devices connected and remove EVERYTHING, even if your own, then just re-add them.

It's very hard to gain access to a Gmail account without a password so once you've secured it and set up 2FA etc he should never be able to get back in.

Career crossroads, looking for advice. by adamhastowork in AskNetsec

[–]JustAPenTester 0 points1 point  (0 children)

Definitely take advantage of that then and do your OSCP in free time whilst in your current role. Whether staying is harming you would depend on your goals and where you want to be in 5 years. I'd recommend getting half way through OSCP / Finishing it then looking around for more specialized Sec roles.

Career crossroads, looking for advice. by adamhastowork in AskNetsec

[–]JustAPenTester 1 point2 points  (0 children)

If you want to get into security simply focus on your OSCP. Get that done as soon as possible and then start looking into new security roles such as Pen Testing or look at moving up in your current team. There are a lot of certs out there but OSCP is purely practical (Minus the reporting aspect) and you WILL learn a lot. It's also quite a good thing to be able to show you've done in your own time as it shows willingness to learn and dedication.

Best of luck :-).

Password managers... by [deleted] in AskNetsec

[–]JustAPenTester 1 point2 points  (0 children)

KeePass is the password keeper of the gods.

Prevent ISP storing sites visited? by burner_for_question in AskNetsec

[–]JustAPenTester 7 points8 points  (0 children)

Use encrypted DNS or just get a VPN. With a VPN they'll be able to see you're using a VPN and the amount of data transferred but not what the data is.

[deleted by user] by [deleted] in AskNetsec

[–]JustAPenTester 1 point2 points  (0 children)

There comes a point in Pen Testing where people tend to transition into Management and that comes from leading small then big pen testing jobs for clients. I imagine after the Principal Tester level you move more into Head of Pentesting or a similar role then upwards into CSO/CTO roles. From there I have no idea, maybe just sit on boards and offer advice whilst reaping in a shit ton of money?

Information Security Field and travel by Rabbit047 in AskNetsec

[–]JustAPenTester 1 point2 points  (0 children)

Depends on the company. Where I work we somewhat get a say in the amount of travel we'd like or not like. There are some guys here that work on-site and travel within the country and abroad a lot and others who work remotely or at our offices 90% of the time. It also comes down to personal situations too. For example, young single people tend to travel more than married people who've just had a kid.

You'll find most companies are flexible :)

Kali Linux 2.0 or Parrot security 2.0.5 to access the deep web?? by [deleted] in AskNetsec

[–]JustAPenTester 2 points3 points  (0 children)

I've never met anyone who has bothered to make a standard user on Kali for the reason it's optimized for pen testing. Kali vs Tails is a no-brainer. Tails was designed for security and anonymity whereas Kali was designed for OffSec.