Official Android thread

So Chicago has a bunch of NFC things all over…

People have been overlaying malicious ones :lol:

That’s a great idea. I’d never scan an NFC tag I just found out in public.

I use NFC sometimes to send web links, images and with Google Wallet, but it’s not often I do those things.

Some interesting news in the Android malware battle. http://thehackernews.com/2012/10/android-play-market-3916-with-built-in.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+(The+Hackers+News+-+Daily+Cyber+News+Updates)&utm_content=FaceBook#_

NFC is like those QR codes. Cool idea but what a fun way to get people to go to a bogus website. Thought was there but just so easy to abuse.

FBI Issues Android Smartphone Malware Warning

http://www.forbes.com/sites/billsinger/2012/10/15/fbi-issues-android-smartphone-malware-warning/

“For all those smartphone users who make fun about the iPhone, the last laugh may be on you. The Internet Crime Complaint Center (“IC3”) has issued a warning about recent malware attacks targeting Android operating systems for mobile devices. That means those of you with phones from Samsung, HTC, Pantech, Motorola and others should read on.”

<3

Now I will go back to reading NYSpeed from my Nexus 7

Sooo basically if you’re a retard with your phone this affects you.

It’s NYSpeed…

It’s every fucking ordinary user on the planet.

People are dumb. We do phishing a lot for work, and oftentimes people call/email us back for support because their AV won’t let something run or they don’t know if they should always allow the Java applet to run.

Nothing surprises me anymore :lol:

Hopefully the previous link saves a few people on here

Is that pretty common for rules of engagement to allow for you to launch phishing attacks? I know that some companies will do periodic spear phishing for educational/awareness purposes, but it’s sort of controversial to some extent as well.

We offer all kinds of stuff: internal/external/web/social/physical/full redteam/code review. Most companies mix and match services they want.

People are very interested in social engineering attacks now; just about every external pentest we do includes it as a separate service.

Over the past couple years it’s really evolved from wanting metrics around who/what was clicked to full exploitation of a client computer with screenshots.

That’s awesome. I’ve not really been involved with setting up for pentests so I was curious.

Get me a job.

+1

Anyone else see the news of SOFTBANK in the middle of a deal to purchase Sprint?

The place I worked in CA will give you 75k a year if you have your OSCP and know some shit, and that was working from home 70% of the time… Go bang out a year there and move on to somewhere else: Trustwave, BT, IOActive, Fishnet, Accuvant, etc.

Pentesting isn’t a great job for most people; you really need to love what you do.

Redspin? I think pentesting would be fun to do for a few years before settling into a more long-term position. I like what I do now and they’re paying for some training. Actually just finished the SANS 504 course. I just want to make more money lol.

You guys can make $70k a year testing pens? Fuck I’d do that. “Yeah, this one doesn’t write smoothly. Throw away that batch.”

Yeah, I heard about it. They’re hoping the cash infusion will allow them to expand the network. That’s a big deal.