March 2010 Free Giveaway Sponsor - Offensive Security

5 Free Seats in OffSec Online Training!

Offensive Security has carved out a place in the pen testing field that is quite rare. They offer not only high quality training but also at some of the lowest price points in the industry. For an insider's look at Pentesting With BackTrack (PWB), check out Ryan Linn's review of PWB and the associated exam, OSCP. But as well known as PWB is becoming, let's not forget they also have 3 other courses. For you wireless pen testers, there's OffSec Wireless Attacks AKA WiFu, for Windows environments there's Advanced Windows Exploitation (AWE), and for those ready to prove their mettle, OffSec throws down the gauntlet with Cracking the Perimeter (CTP). OffSec continues to support EH-Net and their members by offering not just 1 but 5 courses for top contributors. We have 2 seats in PWB for our up-and-comers, 2 in WiFu for our wireless freaks and 1 in CTP for someone who shows just how wicked smart they are.

BTW - As luck may have it, Offensive Security has released a new version of PWB which is now aligned with BackTrack 4, has new video recordings, updated courseware, new double-sized lab with new OSs, new web app modules and much more. PWB v3.0 will be available March 21st. Gee... that's just in time for our winners to get it. Funny how that works out. ;-)

Let the feeding frenzy begin!!


Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; write an article; spread the word of EH-Net; help a newbie... quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

 
Feb 2010 Free Giveaway Winners - Syngress Publishing

We Have Our Winners!

Syngress Publishing has been a longtime supporter of the professional hacking segment of the industry. 2010 shows no sign that they are stopping. In their continued support of EH-Net, they have graciously offered up copies of their next 5 releases to not just one lucky winner but 2!! The 2 winning EH-Net members, hayabusa & former33t, will each be put on the list of those who automatically receive copies of the new releases immediately upon becoming available. What a great way to increase the volumes in their technical libraries with the latest and greatest tomes from topic areas like Certification, Digital Forensics, Hacking & Penetration Testing and more. Congratulations and thanks to everyone for adding to the ever-growing repository of great professional discussions on ethical hacking.


Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

 
Final Course and Exam Review: Pen Testing with BackTrack

Ryan Linn continues his insider's look at Offensive Security's online training course, 'Pentesting with BackTrack.' In Parts 1 - 4, he presented the reader with details of the training as he did it. Now in this final review (Part 5), he compiles his thoughts on the course in its entirety and then gives you an extended look at the process of preparing and taking the Offensive Security Certified Professional (OSCP) exam. PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Visit Ryan Linn's Column Page for Parts 1 - 4 as well as several other contributions to The Ethical Hacker Network and our community of security professionals.

 
Interview: Joe McCray of LearnSecurityOnline

Review by Jason Haddix

Have you ever seen Man on Fire? If you haven’t and you like watching kick-ass, kick-you-in-the-teeth, relentless, Denzel-Washington-type-of-action-flicks… you might want to Netflix that one. Our interview this week is kind of like Denzel in Man on Fire but with fewer guns and more SQLi strings meticulously crafted to pwn your databases.

Enter Joe (j0e) McCray of LearnSecurityOnline… Joe is a long standing friend of both Security Aegis and The Ethical Hacker Network, and, after wanting to keep the limelight off of himself and his teaching projects, we have finally pestered him enough to agree to sit back and answer a few of our questions about life, liberty, and the pursuit of root.

The great thing about Joe is that he will never make you feel like an idiot, even while he’s managing to teach you cutting-edge stuff. He keeps you engaged in a half comedy, half lecture style teaching format.  I have no reason to think that his energy and effectiveness won't continue to shine through in his upcoming new advanced course, Pentesting High Security Environments. Make sure to check out his video at the end of the interview.

 
SSHliders - Answers

Hello challenge fans. Sorry for the long delay, but better late than never, right? Actually this one caused a little debate, because we did not have anyone that gave a completely accurate answer on either the technical or creative sides. But in considering that these challenges are not just contests but also great ways to learn, we decided to release the answers without any winners. So although there are no signed copies of Ed Skoudis' book, Counter Hack Reloaded, a couple of you still get your name in lights as we mention some of your good thoughts. We'll just have to keep in mind the immortal words of Mike McDermott in Rounders when replying to one of the participants in the judges poker game that Professor Petrovsky is not paying him. Mike kindly replies, "Oh, well, knowledge is my reward, sir." So without further delay, here's Mr. Shewmaker with the answers to SSHliders.

 
EH-Net January 2010 Newsletter

As a courtesy to our members, we try to keep you informed of some of the more interesting items that have been published in our online magazine by sending out an electronic newsletter by email. But not everyone interested in our content is a member. For that reason, we have decided to also publish the newsletter in article format for all to see. Each EH-Net newsletter features the major articles of the past month such as our Free Monthly Giveaways, reviews of books, courses and products as well as other newsworthy items. The newsletters also include updates on our Hacking Challenges in "Skillz Scoop," some links to interesting or eye-catching discussions including job postings in "Hot on the Forum," and a listing of security related conferences happening in the near future from the EH-Net Global Calendar in "Upcoming Events." We also try to keep you up-to-date as to what is coming down the pike in "Stay Tuned." We have made changes and additions based on reader feedback, so keep them coming. Some suggestions include sections for "Tool of the Month" and a "Member Spotlight." Let us know what you think of these and any other ideas you might have.

 
Jan 2010 Free Giveaway Winner - Black Hat DC

We Have a Winner!!

EH-Net member, oneeyedcarmen, will attend Black Hat DC on us. The Washington, DC version of the world's premier technical event for security experts is being held January 31 - February 3, 2010. One Passport Admission Ticket worth $1995 allows our winner entry into the 2-Day Briefings portion of the event. The event is described as, "Understanding the increasingly complex threats posed to an enterprise can be a daunting task for today’s security professional. Knowing how to secure an enterprise against those threats can be overwhelming. Black Hat is the premier information security event for senior-level professionals to learn the latest insights from security researchers on defending an enterprise against tomorrow’s challenges. Black Hat events are comprised of multi-day training sessions provided by some of the most respected security experts in the world; as well as of a number of short, topical briefings presentations which highlight the latest research in security." Congrats!! Don't forget to check out Black Hat Europe April 12 - 15 in Barcelona, Spain.


Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

 
Interview: Ferruh Mavituna on Netsparker

Review by Jason Haddix

Today we showcase a new web application scanner called Netsparker, and believe us when we say that we put this app through the wringer.

There's a big distinction between testing a tool against dummy apps in a lab and using it first hand against a large environment. Luckily for us we got to do both.

Over the course of a month we ran several engagements and specifically watched Netsparker’s performance compared to other tools we normally use in the assessment process (w3af, Grendel Scan, Nikto, Wikto, Websecurify, Paros, Burp, etc). We have to say, we are very impressed. Netsparker not only caught vulnerabilities that other scanners missed but also had excellent remediation and a documentation section for most of its findings.

For injection it does a full-scale attack, testing every parameter it can spider (which it also does very well), and, although this lengthens the testing time, it also rewarded us with some valuable injection findings. Netsparker is developed by Mavituna Security, and more specifically our guest, Ferruh Mavituna.

 
Book Review: PCI Compliance

Review by Joel Dubin, CISSP

The Payment Card Industry Data Security Standard (PCI DSS) has taken it on the chin recently.  With several high profile breaches of credit card numbers, some critics of the industry standard have said it either isn’t strong enough, or should be abolished altogether.  But as Dr. Anton Chuvakin and Branden Williams correctly point out in the second edition of their book, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, PCI is here to stay.

This is no ordinary field manual to the PCI standard.  It isn’t a book, for example, that a PCI auditor, called a Qualified Security Assessor (QSA), would have open on their lap as a reference while working with a client.  Instead it carefully weaves together PCI, which is considered compliance, with IT security.  In fact, it also discusses PCI in the universe of other regulatory compliance standards, like SOX and HIPAA, which also give IT managers plenty of headaches.

The book correctly notes that compliance isn’t the same as security, a common misconception of PCI critics, but that it is part of a sound IT security program covering both bases, compliance and security, and not narrowly focused on PCI, but other standards, as well.  That’s good news for IT managers suffering from compliance fatigue and looking for a single path to handle not just security but all the other regulations they face.  PCI might not be a cure-all, but the IT security it requires can go a long way toward that single path.

 
© 2010 The Ethical Hacker Network