@loi-van-tran
Active 6 years, 11 months ago-
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 6 months ago
Last Friday around midnight, the 1.6 million people living in Dallas woke up to the screeching sounds of sirens that was triggered as a result of a supposed computer hack outside of the emergency notification […]
-
Loi Van Tran posted a new activity comment 7 years, 7 months ago
Two very interesting articles Mauchel.
I really liked your myths, as I also think that those who still believes in those myths are living under a rock. You can’t possibly live in the digital age without knowing how to protect yourself from malicious actors. Passwords is most commonly used because it is the cheapest and easiest access control method. -
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 7 months ago
Apple recently confirmed that there was a vulnerability that allowed hackers to send infinite loop alert messages on the Safari application. Instead of just affecting the tab that the website was opened it, it […]
-
Thanks for sharing! I’m glad I recently upgraded to 10.3. I didn’t realize that it addressed 83 vulnerabilities including this one. Good to know.
-
-
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 7 months ago
Suspected cybercrime group known as Lazarus is suspected to be behind numerous attacks against Polish banks. Polish banks reportedly detected previously-undetected Malware variants in their system. They r […]
-
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 7 months ago
This article is gear more towards internal threats. The article points out the local system admins can hijack privileged windows user session without passwords. For instance, the CFO has his desktop/laptap […]
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Very interesting post Brent,
I really enjoy reading the articles posted by Krebsonsecurity. Towards the end of this one he highlighted some very important points; victims are not liable for the fraudulent charges on their debit/credit cards, however they must report this to the banks. I know some people that don’t check their credit/debit…[Read more]
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Thanks Bilaal,
I’m pretty sure this would come in handy when we try to the Operating Security class’ Windows 7 virtual machines. I will be sure to give it a try on my Windows 7 that is all patched with really no programs on it.
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Hi Mengqi,
Thank you for the post. This also seems very interesting to me. That’s a pretty high percentage of organizations (67% out of 128 ) were unable to detect that their system is compromised during a pen test. It’ll be interesting to know which were successful at detecting it.
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Well there are several reasons that I can think of that lead the caller to tell me to use the number that was on my caller id. First is, providing a number that is “malicious” would allow it to be traced back to them. Like I did, I googled the number before calling back. I assume they didn’t have the ability to reroute calls directed to that…[Read more]
-
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
Yesterday, I received a phone call from this number: (570) – 524 – 2662. If you do a quick Google Search you will find that it’s for a legitimate source, the State Police Department in Lewisburg or Milton, […]
-
Loi,
This reminds me of how telemarketers spoof their phone number to have an area code similar to the area code of the people they’re calling. It used to be that you see a number from halfway across the country and you ignore it because you could assume it was a telemarketer. Now they spoof their numbers to try to trick you into thinking it might be someone you know.
Good job on spotting that the call was fishy. Many of the things you mentioned as being red flags are reminiscent of the slide from Wade’s class last semester for detecting social engineering attacks. This was a cool example of applying the knowledge from this course to everyday life.
-
Hi Loi,
That sounds like an interesting call. I wonder what his actual motive was. Why do you think he asked you to call back a legitimate number? I would understand if he was asking you to call back a number that was routed to a malicious actor, but doesn’t make sense that he directed you to call back the real police!
I get calls from unknown numbers all the time. I stopped answering them because it’s always a telemarketer or scam. They never leave voicemail!
-
Well there are several reasons that I can think of that lead the caller to tell me to use the number that was on my caller id. First is, providing a number that is “malicious” would allow it to be traced back to them. Like I did, I googled the number before calling back. I assume they didn’t have the ability to reroute calls directed to that number and transfer it to a malicious one. Had they provide me a number that was in a different county, city, or state, I could give it to the police to trace it down. Second, “No harm, no foul”, social engineering attackers knows that not all of their attempts will be successful. In this case, me calling the State Police really didn’t put a target on the attackers back. The police really didn’t do anything aside from affirming that they did not initiate contact with me.
-
wow….classic case of an attempt at social engineering. Good thing you were aware of what was going on. I am sure there are plenty of people who would have fell victim to this scam.
-
-
Loi Van Tran wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
Executive Summary
Power Point
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
That is why companies should be really careful when using backdoors, or better not use it at all. If its there, someone will find it and exploit it.
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Hey Jason,
I wrote about the same article but from a different site. IT was interesting because the malware was injected into the system using typical admin tools, like the one we used in class metepreter. It made it hard to detect, like you said because it never touches the hard drive. Another reason I believe, is because since most admins…[Read more] -
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Phishing and social engineering is always tough to beat, especially proper reconnaissance is done. Like what you see here from Facebook and Twitter accounts, customers now prefer to use social media to contact a company’s customer service. Disgruntled customers makes it easy for victims to be approached by a faux customer service rep. My…[Read more]
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Dan Berger is absolutely right about, if you do use plastic, you should definitely use credit cards first. I’ve run into trouble with both credit and debit cards, and the bank is definitely takes their sweet time getting your money back. Credit cards on the other hand will reverse the fraudulent transactions in a matter of days.
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Amanda,
I like your mentality of being objective instead of subjective. Like you said, forensics professional may not always like what we find, but the bottom line is that we have to present the facts. Another thing that I like from your post is the “trust.” If the profession gets a bad reputation for falsifying records or evidence tampering…[Read more]
-
Loi Van Tran commented on the post, Week 3 Question, on the site 7 years, 8 months ago
I really like what you said about having a strong ethical code and the commitment to act in the most ethical manner. Being an examiner comes with a lot of responsibilities and dilemmas that revolves around doing what is right. For example, an examiner uncovered additional data, that was not requested or subpoenad. What should they do? Whether it…[Read more]
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Great Post Andres,
As the other have stated, your approach is refreshing. I would like to extend your breakdown with the addition of moral, concerned with principles of right and wrong behavior and the goodness and badness of human character. We can probably agree that good ethics is good moral character. Believing that the actions that…[Read more]
-
Loi Van Tran posted a new activity comment 7 years, 8 months ago
Bilaal,
Great post and I completely agree with your explanation. I like to think it as, ethics picks up where the laws does not. Ethics provides a minimum standard of acceptable conduct. The person that lacks moral character can easily be tempted to use the information gathered for personal gain. A person with good moral character will do…[Read more]
-
Loi Van Tran commented on the post, Week 3 Question, on the site 7 years, 8 months ago
Digital forensic professionals, like Roberto state, has a judiciary duty to uphold the law in the way the collect, preserve, and analyze the evidence. Evidence collected may contain highly personal information, sensitive data, trade secrets, proprietary information, or things of national security, among others. All can have devastating affects…[Read more]
- Load More
