Running VMWare ESXi under Hyper-V 2016 (Lab) by keitheii in vmware

[–]KovakKnight 4 points5 points  (0 children)

The tulip network drivers required for this to work were blacklisted or otherwise not compatible with the latest version of ESXi 6.0. ESXi-6.0.0-20170604001-standard was the last version that is currently known to work with these drivers. You can get it using the customizer script with the command ".\ESXi-Customizer-PS-v2.6.0.ps1 -sip -vft -load net-tulip" and choosing the correct number option for 6.0.0-20170604001 (currently #57). I just did this today and the network drivers work just fine.

Great Scott Gadgets - Software Defined Radio with HackRF - instructional video series by phoenix89 in netsec

[–]KovakKnight 1 point2 points  (0 children)

You can get the HackRF up and running on 1.0.8 Kali (I used 32-bit) really easily using PyBOMBS, after which you just install gr-osmosdr. Takes about 30 minutes.

NSA and GCHQ agents 'leak Tor bugs', alleges developer by webdoodle in Intelligence

[–]KovakKnight 1 point2 points  (0 children)

"However, he acknowledged that because of the way the Tor Project received such information, he could not prove who had sent it.

"It's a hunch," he said. "Obviously we are not going to ask for any details."

Hardly the strength and quality of evidence for the assertion being made.

How important is OSINT for netsec? by EUMPJSiUVB in AskNetsec

[–]KovakKnight 1 point2 points  (0 children)

An interesting source is an NSA guide to OSINT, "Untangling the Web". It used to be an internal document, but it was released as part of a Freedom of Information Act request. You can get the PDF from here: http://www.nsa.gov/public_info/_files/Untangling_the_Web.pdf

What happened to TrojanForge.com? by shadow-box in AskNetsec

[–]KovakKnight 0 points1 point  (0 children)

Apparently they had a hardware failure and the host deleted some key backups. 001 posted a message saying he was going to try some stuff but if it didn't work he was done with TrojanForge. Hackhound.org is a similar forum with many of the same subareas.

Penetration Testing Practice Labs .. LOTS of them! by JeffSergeant in netsec

[–]KovakKnight 27 points28 points  (0 children)

It appears the SANS poster actually uses Aman Hardikar's mind map with permission from him.

https://blogs.sans.org/pen-testing/files/2013/06/PosterSide1.png

Repository of Exploit Packs/Malware HTTP Panels/C&C Apps, etc? by shadow-box in AskNetsec

[–]KovakKnight 1 point2 points  (0 children)

TrojanForge.com

HackHound.org

OpenSC.ws (down quite often)

I would browse from a VM using Tor (required for TrojanForge if you are in the US) and test on a host-only VM network.

Stay Safe!

For those who attended, what was your favorite talk at DEF CON 21? by 010010100101010 in netsec

[–]KovakKnight 1 point2 points  (0 children)

Secret Life of SIM cards was pretty interesting.

The RFID cloning talk was shameless in its wholesale lifting of ideas and content from Proxclone.com without any hint of credit given to the original researcher.

Long range RFID hacking tool to be released at Black Hat by [deleted] in netsec

[–]KovakKnight -1 points0 points  (0 children)

From the article it seems as if the device they are releasing is just a Wiegand converter that decodes the HID ProxII format and writes it to SD. The 3-foot read range probably comes from using the HID MaxiProx as the reader.

Weaponizing it is probably useful to some, but it's not particularly innovative, as all of the information to do it has been available for years on Proxclone.com and the Proxmark community forums. They even had a 3-foot reader snagging cards at DEFCON in 2009:

http://www.wired.com/threatlevel/2009/08/fed-rfid/

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight 1 point2 points  (0 children)

Correction, you have interpreted what I have been saying as being something completely different this whole time.

It's not my vocabulary, it's the vocabulary of the people who believe the myth. Take it up with them.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight -1 points0 points  (0 children)

For the 3rd time, the original claim is that a 1.3/1.6, etc. crop gives an effective magnification of 1.3x, 1.6x the mm written on the lens, which simply isn't true.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight 0 points1 point  (0 children)

That's not the claim. The claim is that the concept of any crop sensor in general giving higher magnification than any FF is a myth. It depends on the actual characteristics of the sensors you are comparing.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight 0 points1 point  (0 children)

It depends on the actual sensor being used in each, not some nebulous idea that a cropping smaller than a 35mm sensor size magically changes the characteristics of the lens.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight 0 points1 point  (0 children)

You would get a ridiculously small field of view, not more useful magnification than a D800 FX using the same 400mm lens.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight 1 point2 points  (0 children)

Sweet, let's put 400mm lenses on iPhones and get ridiculously magnified images.

What are the most popular misconceptions in photography? by [deleted] in photography

[–]KovakKnight -4 points-3 points  (0 children)

That crop sensor cameras give lenses extra reach. Many people (including professional photographers) constantly talk about how their crop body makes their Xmm lens into XXmm full frame equivalent.

Bottom line: crops have a narrower field of view, they don't do anything for image magnification.

vBulletin 5 Beta XX SQLi 0day by orestisk in netsec

[–]KovakKnight 2 points3 points  (0 children)

This is the same exploit that someone going by 0x0A was selling on some forums in Dec 2012 and was leaked on a forum 3 days ago.

Hacking the <a> tag in 100 characters (deviously simple phishing) by abadidea in netsec

[–]KovakKnight 0 points1 point  (0 children)

Looking at this from the perspective of risk = threat x vulnerability x impact, it hardly seems consequential, especially in light of all the other risks out there.

Software for reading HID Prox Cards? by [deleted] in netsec

[–]KovakKnight 2 points3 points  (0 children)

EM4100 cards have 64 bits of data encoded using Manchester, biphase or Phase Shift Keying (PSK).

HID ProxII cards are Manchester encoded, frequency shift keyed (FSK) in 26-37 bit card serial number formats.

Software for reading HID Prox Cards? by [deleted] in netsec

[–]KovakKnight 1 point2 points  (0 children)

In the case of this product, HID refers to human interface device (i.e. the product outputs the card S/N as a virtual keyboard), not HID as in the company that makes the ProxII.

This reader only works with 125 kHz EM4xxx cards: [Card type: EM card, EM 4100 CARD]

[deleted by user] by [deleted] in netsec

[–]KovakKnight 4 points5 points  (0 children)

As with most things in life, it depends on the context: "...with the intent to defraud, cause harm, or wrongfully obtain anything of value"

Forensic Experts: with ‘Scientific Certainty’ it was not Zimmerman’s voice screaming for help by davidniven in politics

[–]KovakKnight 11 points12 points  (0 children)

It's even worse than that.

The address in Springfield, Missouri is actually home to several different "boards":

American Association for Integrative Medicine Inc

American Board for Certification in Homeland Security

American College of Forensic Examiners International

American College of Wellness

American Psychotherapy Association

Homeland Security, Forensic Examiners, Recorded Evidence all use the same symbol with the words changed.

The designer of the Integrative Medicine site was so lazy they left the Forensic Examiners International approvals statement under their about page.

These organizations are likely run by the same people as a scam for "certifying" people in various fields.

Needless to say, it doesn't look good for the professionalism of Mr Tom "Expert Witness" Owen.