Contest 30 NOV - 05 JAN 2020 Morning Batch

Discussion in 'CEH' started by Baba_2, Nov 29, 2019.

  1. Baba_2

    Baba_2 CEH Trainer
    Alumni

    Joined:
    Sep 7, 2017
    Messages:
    225
    Likes Received:
    116
    This is your first post

    Any kind of new announcements and updates will be updated in the first post of the Thread.
     
    #1
  2. Shivakumar Venkatachalam

    Joined:
    Sep 20, 2019
    Messages:
    6
    Likes Received:
    0
    Hi Baba,

    Per today's quiz, the answer is the same for both white box and black box testing; please clarify.

    Question:
    The "white box testing" methodology enforces what kind of restriction?
    Correct Answer:

    Only the external operation of a system is accessible to the tester.

    Question:
    The "black box testing" methodology enforces which kind of restriction?
    Correct Answer:
    Only the external operation of a system is accessible to the tester.
     
    #2
  3. Ankur Sharma_17

    Ankur Sharma_17 New Member

    Joined:
    Sep 25, 2019
    Messages:
    1
    Likes Received:
    0
    Hi Baba,

    As an offensive technique, how do we hide our identity? I don't think VM machines are good enough (as the ISP can have your IP address). Can a VPN be a good option? If so, which is best, for both free and paid versions?

    Thanks
     
    #3
  4. Deekshith Thumucharla

    Joined:
    Nov 8, 2019
    Messages:
    1
    Likes Received:
    0
    Hi Ankur,

    While talking about hiding our identity, we need to follow the below steps:
    1. Spoof IP
    2. Spoof MAC
    3. Spoof the location
    4. Disable cookies & trackers in websites you are visiting.
    5. Change the DNS resolution servers.

    And a VPN is good for spoofing the IP. But the remaining steps also have to be followed just to be sure. The more you pay for the tools/technologies, the more features you get.

    Thanks
     
    #4
  5. Venkateshwarlu Sadu

    Joined:
    Jun 21, 2019
    Messages:
    5
    Likes Received:
    1
    Hi Baba Sir,

    Is there a plan to conduct another mock in Dec? Please let me know.

    Thanks,
    Venkat
     
    #5
  6. Premchander Chandran

    Premchander Chandran Well-Known Member

    Joined:
    May 25, 2019
    Messages:
    50
    Likes Received:
    19
    @ Ankur and Deekshith:
    1. The term Offensive Security practice is widely used in Penetration Testing. It's a way of having a hacker's mindset to approach a security issue.
    Having said that, being anonymous can be achieved in certain ways and it is possible only for a certain time based on the activity and the nature of human mistakes.
    --> To answer your question, there are certain things to be taken into account.
    First, your intention of being anonymous.
    If it is for a learning purpose or a personal reason, as far as it is not illegal, then it can be achieved in the following ways.
    1. Since it is security-related work, consider using Kali + TOR and you have to create proxy-chains to be anonymous.
    2. The same can be achieved using Parrot OS.
    3. Using Qubes OS is different and is not usually performed for learning. That's something you have to perform some research on.
    4. Using TAILS OS and Whonix
    Just browse on all these topics and get a good understanding of it.
    Note: Understand the concept of being Ethical at all times

    --> IP/MAC spoofing is totally different from Proxy.
    Spoofing shouldn't when your intentions are about Proxy.
    Spoofing IP/MAC/location: these are not the actual terms, and they come under a single term, Proxy.
    We cannot disable cookies and trackers on the website we visit, that means you have already hacked it.
    Nowadays, for security reasons, websites insist that cookies be run.
    Those can be blocked from our website and if you mean hacking can be done in a client-server architecture.
    DNS servers on the internet can be accessed by anyone on the internet. To challenge that beside DNSSEC is good work though.
    VPN encrypts the traffic and it is not accessible by the ISP.
    No-logs VPN providers are there, but how do you really know that no logs are kept?
    So conclusion:
    Be Ethical, there are a lot of ways to practice offensive security and it's free as well.
    Be strong at the fundamentals and happy Ethical Hacking :)
     
    #6
  7. Shubham Sharma_15

    Shubham Sharma_15 New Member

    Joined:
    Nov 16, 2019
    Messages:
    1
    Likes Received:
    0
    @Baba_2

    Hi Baba,

    How can we use software and tools in ilab without internet?
     
    #7
