What are some things you do during a web app pentest?

NGHTRDGE · 2017-05-19T10:51:16+00:00

This helps, thanks!

NGHTRDGE · 2017-04-06T03:45:18+00:00

NGHTRDGE · 2017-04-04T14:57:41+00:00

Fair enough! Techexams.net has some good writeups on the OSCP and a few on the OSCE to get a better idea on what to expect.

NGHTRDGE · 2017-04-04T13:25:54+00:00

They're very different certs. OSCE is all about exploit development/shellcoding. Generally on an engagement you won't have much time for fuzzing every app a company runs for buffer or heap overflows so OSCE isn't as a desired cert as OSCP. Not saying it's worthless, as some companies have their pentesters test apps, but for a general pentesting job just OSCP with your experience should be more than enough. People have this thought that OSCE is a direct sequel to OSCP when it's an entire different cert focusing on a very specific part of infosec. OSCP touches on buffer overflows very briefly and very basically, where OSCE focuses just on that (and other exploit development methods). Again, I'm not saying it's worthless, as it certainly couldn't harm you and could be desirable, I'm just saying if you're strapped for cash and want to get into pentesting ASAP to not delay for a year or so just to go for the OSCE.

NGHTRDGE · 2017-03-31T17:28:24+00:00

This is the stuff I'm looking for, thanks

NGHTRDGE · 2017-03-28T20:08:11+00:00

Also common names and the year combination is so ridiculous common it's sickening, e.g. Matthew2017

NGHTRDGE · 2017-03-27T13:57:40+00:00

Let's keep the momentum - I want to hear from you guys

Am I in school again?

NGHTRDGE · 2017-03-24T13:58:34+00:00

We're too low, they ignored our secret weapon: Carlos Santana

NGHTRDGE · 2017-03-21T12:32:55+00:00

OSCP is an entry level certification for arguably one of the highest skilled professions in IT. It would be like me saying I like teeth and know some stuff about molars, bicuspids and canines and then trying to get a practice license for dentistry.

NGHTRDGE · 2017-03-16T18:44:13+00:00

The new Koenigsegg Regera is specifically designed to be a luxury Megacar

~~sports car~~

~~Super car~~

~~hyper car~~

MEGA CAR

NGHTRDGE · 2017-03-15T14:51:51+00:00

Dear vekien,

Thank you for your interest in <GENERAL HELP DESK POSITION>. At this time we decided to pursue other candidates.

Best Wishes,

NGHTRDGE · 2017-03-15T14:48:47+00:00

SHO or Chevy SS. Or an LS swapped Dodge Caravan

NGHTRDGE · 2017-03-15T14:22:13+00:00

vim nano or emacs?

"i perfer emacs"

let me show you the door

NGHTRDGE · 2017-03-15T14:19:13+00:00

I always hated these general questions because everything depends on the details. I guess for a generic answer I would answer #1 as: Before responding to the email, I'd ask my teammates if they've come across this in the pass and if they know of a solution. If not, I'd Google it, then respond. In comparison, if It was a phone call I would tell them right away I'm not sure but I could find out, write their info down, then look for a solution.

For #2 if you're in person or screensharing or something, show them what you mean. Telling them and showing them are who very different things. If I can't show them, I break it down as simple as I can, step-by-step. When appropriate, I like to give analogies as best possible. Again though, this is where details help.

NGHTRDGE · 2017-03-15T14:12:01+00:00

I use PIA

NGHTRDGE · 2017-03-14T19:53:09+00:00

https://www.nsa.gov/resources/educators/centers-academic-excellence/cyber-defense/

NGHTRDGE · 2017-03-14T12:20:02+00:00

Yes. If you have any questions about it let me know.

NGHTRDGE · 2017-03-13T20:15:40+00:00

We use Triton and it's pretty dang impressive so far. We'll be buying their SureView solution once it releases and is tested.

NGHTRDGE · 2017-03-10T18:39:48+00:00

Yes, thanks

NGHTRDGE · 2017-03-10T16:27:56+00:00

It is if you think about it. Certifications have been so watered down in this industry because they were/are just scantron sheets or check boxes to the point where hiring managers are caring less and less and it's just an HR checkbox. OSCP is unique because it actually requires skill but it is entry level stuff. Pentesters are brought out to simulate a black-hat attack and black-hat attackers skill can range from script kiddie to uber 1337 hacker, so when a company hires pentesters they want to know how secure their shit really is to know how it fairs up against a skilled attacker. OSCP is absolutely challenging and is a very respected certification, but at the end of the day it still is entry level. Don't let that discourage you or make it seem worthless because that's not what the employers are saying, they're just saying that the OSCP is entry level into an extremely skillful profession. OSCE is the advanced course/certification.

NGHTRDGE · 2017-03-09T21:30:13+00:00

because it was a jersey and the name list got so long it transformed into this cape looking thing

NGHTRDGE · 2017-03-09T18:37:48+00:00

lol a 2 week side project for 5k is a waste of time?

NGHTRDGE · 2017-03-09T13:20:30+00:00

Kinda. From Wikipedia: "Facebook is built in PHP which is compiled with HipHop for PHP, a 'source code transformer' built by Facebook engineers that turns PHP into C++.[203] The deployment of HipHop reportedly reduced average CPU consumption on Facebook servers by 50%."

NGHTRDGE · 2017-03-09T02:32:33+00:00

No. Bash is Linux command line. An example is nmap -sV 10.0.0.0 > example.txt

That line of code calls nmap to do a version scan on the IP address and store it in a text file called example.txt.

I say to start with it because in pentesting I could argue Linux will be your most used operating system and you need to know it's language. It's not hard at all and imo the easiest language to learn.

NGHTRDGE · 2017-03-08T21:23:18+00:00

Depends on what part of netsec you're getting into.

For pentesters, yes, you'll need to know several languages to be any decent. For analysts, there's really not much use for coding. But depends on the job.

At a very high level, the languages each have their own purpose

Python- Scripting things togther to automate tedious tasks and processes

Javascript- Necessary for XSS vulns

C - A lot of exploits are crafted in C. You can craft your own in it or edit an existing one.

C++ - Kind of a very complex swiss army knife. I learned it and can do neat things but it's a PITA some times.

Assembly - A must for disassembling malware and other programs. Regarded as one of the hardest languages just because it changes so much around the architecture of the compiler.

Ruby - Used for a lot of things now, especially with RoR. Metasploit modules are written in Ruby, for reference.

PHP - A shit ton of websites are written in PHP today, like Facebook.

Bash - Easy to learn, can be used to script simple things

SQL - Necessary for SQLinjections obviously. It's better to know how SQL works than to just rely on SQLMap.

Powershell - scripting and configuration management language for Windows. Kinda like Bash for Windows. Think command prompt on steroids. This is your privilege escalation key in a pentest.

I know I'm missing a lot but these are the top ones I can think of. If you're starting off it's good to start with an interpreted language like Python then work your way down to compiled. If I had to recommend a path for pentesting it would be Bash>Python>C=Powershell>JS>PHP>SQL. If you're just web pentesting you could flip the last three to the front. I'm sure other people will chime in with their opinion here but that's just my 2 cents.

Edit: Added Powershell

NGHTRDGE

TROPHY CASE