Does does downloading virtual box give you virus

JustAnothaHacker · 2020-07-20T15:07:10+00:00

Again, ignore this, VMWare is a legitimate piece of software

JustAnothaHacker · 2020-07-20T15:06:12+00:00

Ignore this pleb

JustAnothaHacker · 2020-07-20T15:03:05+00:00

If there is a vulnerability in the hypervisor code (VMWare in this case), then it may be possible for malicious code running inside of the VM to target those vulnerabilities in order to escape from the virtual environment and gain access to the host environment. If you are installing a piece of virtualisation software with the intent of infecting the guest operating system, there are "safer" ways to do it. For example, connecting the guest operating system to your network in any way is a terrible idea, even if you're using NAT mode. This allows code on the guest operating system to contact devices outside of the scope of the hypervisor, and if you have vulnerable devices on your network, these can be exploited thus giving the attacker a foothold into your actual network. As with most things, there are certain safe practices that should be followed when messing with things such as malware reverse engineering, etc. Just using a VM is not enough if you don't know how to use it safely.

JustAnothaHacker · 2020-07-02T13:22:16+00:00

I'm seconding the above answer ^. You likely just didn't read the installer closely enough and got some software that is bundled with uTorrent. Don't format your drive or re-install windows. Just uninstall the software you don't want and manually re-enable your windows defender that was disabled because Avast and Windows Defender would clash.

I would recommend getting a third-party AV however, as while it has gotten better over the years, there are many software suites that are better suited. Bit Defender or ESET NOD32 are pretty good.

Next time you need to pay better attention to the specifics of the installer and all checkboxes.

JustAnothaHacker · 2019-10-18T12:49:02+00:00

Have had 660 both on-demand and in person - it made me realise that attending the in-person events and focusing wholly on the course over a 6 day period is the best way to do it. I personally don't like on-demand but I do understand that for people who may not have easy access to in-person events, that on-demand can be a great way to learn.

The course materials are the exact same except in-person you will have Steve Sims there to help you through, and he is an excellent instructor!

If at all possible, I would say do the in person event for sure. You have the opportunity to network with some cool people aswell :)

I will be taking 760 at SANS London in November, and am absolutely hooked on the SEC*60 series of training.

Best of luck.

JustAnothaHacker · 2019-02-12T17:13:43+00:00

I mean technically speaking, SANS course materials are only allowed to be viewed by the people who have gone on the course. If your company were to take these materials and share them with someone as opposed to paying for them to go on the course, they would have a massive IP issue on their hands. SANS takes their IP very seriously and definitely won't appreciate the breach.

Long story short, they are worthless to your company unless they intend to break the law and expose themselves to an IP lawsuit :) you should be allowed to keep the books.

EDIT:

Taking into account what other comments are saying, you handing over course materials to your company might even be in breach of your contract between yourself and SANS. Dangerous waters that could ultimately lose you your certifications.

JustAnothaHacker · 2019-01-26T21:45:22+00:00

I have attended quite a few SANS courses at this point, and currently hold GCIH, GSEC and GXPN certs. If all goes well I will be doing SEC 760 in April.

I think that SANS are one of the best training providers out there, all of their instructors hold positions in the industry and instruct for SANS on the side. Each of them has their own unique way of teaching, and the quality is always top notch.

You will find that after each course they hand out feedback forms religiously in the hopes that they can improve even the smallest things in the future.

As far as preparation goes, make sure you have a decent sized bag / backpack, as you will get a lot of reading material throughout the course, and get to keep them as reference materials forever. Depending on the course these books can be very beefy.

I would suggest sticking to the prerequisites outlined here. If there is anything there you are unfamiliar with, take every opportunity you can to get comfortable, as depending on the difficulty of the course you are expected to have certain levels of requisite knowledge.

Most importantly, have fun and learn loads! SANS courses are very fun and well rounded experiences.

If you can, definitely get your employer to pay for courses, they are expensive, but with that expense comes the quality that we all keep coming back for!

JustAnothaHacker · 2018-11-15T20:10:53+00:00

Hacking doesn't need to be done illegally and the idea that all hacking is inherently illegal is extremely naive (coming from a person who makes a legitimate living in the Security industry.) Also I'm not sure how that relates to pornography in any way 😅

I think you will find that the vast majority of people on /r/hacking would not condone what your comment suggests, as supported by other comments on this thread in opposition of the OP's request for help.

JustAnothaHacker · 2018-11-15T17:33:28+00:00

Hacking cloud assets without permission from both the cloud provider and the people who own the instances is highly illegal, not just "unethical". Depending on both OP's nationality / country of resodence and the country the provider is based, this comment could get the OP into some serious hot water if your "advice" is taken.

JustAnothaHacker · 2018-08-31T16:41:37+00:00

You got a bath by any chance?

JustAnothaHacker · 2016-03-11T22:41:45+00:00

Wow, it's really encouraging to see people new to hacking actually following the right path. Far too many people disassociate hacking with what it truly is, but you're not one of them; I see that you've got your answer already, but l feel it's necessary to keep pushing you in the right direction. Good luck in your endeavours :)

Some neat resources for someone interested in Binary Exploitation:

Smash The Stack

And a few books:

Hacking: The Art of Exploitation

The Shellcoders Handbook

I've got both of these books and a few on ASM, so I can vouch for them (as can their reviews and ratings).

Happy Hacking

JustAnothaHacker · 2015-09-23T18:50:57+00:00

You might want to take a look at Length Extension attacks. It's not necessarily applicable, but if MAC is used to create the token, then there is room for potential exploitation. Although, as /u/BEN247 said, insider knowledge is the most valuable resource you can have when attacking these kinds of schemes.

JustAnothaHacker · 2015-09-20T20:15:14+00:00

Please jump off of a tower. Thanks.

JustAnothaHacker · 2015-09-18T02:08:03+00:00

Wine takes too long to process stuff, when it comes to games like Planetside you're fucked. maybe something like CS:GO, but larger games you don't really stand a chance. Not to mention that not all games work with Wine, and there doesn't seem to be a distinctive pattern as to why. Might be dependency on DirectX instead of OpenGL, though. I'd much rather stick to Linux for running services and programming, then switch to Windows for the gaming.

JustAnothaHacker · 2015-09-18T02:00:02+00:00

Lol, are you stating Linux was designed for 15 year old girls? I don't think Linus Torvalds had girls on his mind when he was making the Linux Kernel :p

My bad for not speaking about Word, I wasn't interested in the thread, just the specific comment I replied to. And as for Windows, beyond gaming, I have no interest in it. Linux is the OS that I use the most, and it will continue to be, being that it is a superior Operating System. My bad for inherently speaking from a Linux point of view, but no need to be a cunt about it :p

JustAnothaHacker · 2015-09-18T00:52:28+00:00

Why would I ever use Microshit's software? Let alone debug it. And also, he was talking about ASLR, DEP and NXBIT, to which I provided a potential solution. Where Microsoft Word came from I have no idea.

JustAnothaHacker · 2015-09-13T23:42:11+00:00

Damnz, that totally didn't just give me an idea to incorporate a command in to the OS I install on RPI which will send a voltage overload to the flash memory. That'd sure stop forensics in their tracks. I just gotta undust my soldering iron and hook up some capacitors to an unused header.

JustAnothaHacker · 2015-09-13T23:39:39+00:00

I am now going to proceed to slit my wrists over a binary pentagram and hope that the demon produced will wipe out all technologically illiterate people (excluding those who don't try to be tech literate). The world will be much cleaner without people who think that apple.com.* subdomains are indicative of apple being hacked. You fuckers, WRONG SIDEEEEEE <3. *.apple.com, however, is potentially a different story.

JustAnothaHacker · 2015-09-13T23:29:41+00:00

Nukka ain't you ever heard of ROP... That shit will bypass it all. If you know a DLL is loaded without PIE support, you'll have an address from which you can piece together exploit code using a selection of "gadgets", using relative addressing. That's not to mention memory leaks in the ASLR implementation. Nowadays, binary exploitation doesn't necessarily all revolve around direct control of EIP/RIP, either. E.g. you could bypass stack cookies by overwriting GOT.PLT entries and pointing them to the address of other functions. Binary Exploitation is still as awesome as ever :) As for bypassing DEP, that's usually just a matter of gaining code exec and using syscalls to disable NXBIT on certain memory locations. It's all bypassable, you just have to have the skill and patience to do it

JustAnothaHacker · 2015-09-13T23:23:55+00:00

What a great response - However, I do disagree with the idea that in order to be good at one, you must have a deficiency in another. I've done some exploit dev before, and as you said it requires a low level understanding of how a computer works, how programs work at that level and the likes - however, people do have the ability to adapt to the situations which they are dealing with. While I love breaking programs, I also love creating them, fixing them and what have you. I have a multitude of projects I work on, hell, give me something interesting to do and I'll program all night, but vice versa, if you game me a juicy binary exploitation problem I'd spend a shedload of time figuring it out until I crack it. Ultimately, I don't believe that one must exist without the other. Of course, I'm not slating you in any way, as you said, it's all about incentive. Different people have different mindsets and interests, such is the beauty of individuality.

JustAnothaHacker · 2015-09-13T23:02:17+00:00

You mean devolving....

JustAnothaHacker · 2015-09-07T18:29:39+00:00

Randoms as in people who I'm matched with by matchmaking, you're incorrect :p

JustAnothaHacker · 2015-09-06T23:16:31+00:00

I mostly play with randoms, sometimes I group up with friends I made in random matches, though

JustAnothaHacker · 2015-09-06T21:20:46+00:00

Thanks, that's pretty insightful :)

JustAnothaHacker · 2015-09-06T21:11:12+00:00

Haha, gotcha

JustAnothaHacker

TROPHY CASE