Recent Articles

The Ethical Hacker Network Rises from the Ashes

| November 2, 2017

A phoenix depicted in a book of legendary creatures by FJ Bertuch (1747–1822)This past summer while attending Black Hat and DEF CON, I was approached by a number of people asking what happened to The Ethical Hacker Network Online Magazine, EH-Net for short. With a heavy heart, I had to explain the tough choices that a Dad sometimes has to make. With the ever-changing landscape of advertising revenue, ad-blockers and the like, I had to make a decision that best suited the stability of my family. And thus, a steady paycheck and benefits won out over a risky attempt to yet again rebuild an advertising revenue model.

I kept EH-Net alive for over 2 years to allow free (and freely available) access to our catalog of content built over a decade plus. Unfortunately, there came a time when that was not sustainable either. So the site completely went down earlier this year. While in Vegas during the annual pilgrimage of the security community, I was honored and truly humbled by the comments of numerous readers. While everyone understood the decision, they also shared with me the stories of how EH-Net helped them either start or advance their careers in InfoSec. A number of our regular contributors mentioned how they would not be where they are today without having their first break into contributing to the larger community of professionals. Their experiences with us led to speaking engagements, book deals and long-term career advancement that helped them provide for their loved ones. I was deeply touched, but it also got me to thinking. And as my family says, “Uh oh. Don’s thinking again.”

The juices were flowing, and EH-Net was now front and center in my mind. I had offers in previous years to get the backing I needed to make this thing big, but all of them fell through… Until now. A chance decision to find an old friend (who also happened to be a long-time advertising client of EH-Net) led to a cordial conversation of where our lives had taken us. One thing led to another, and he asked me a simple question, “What would it take to bring EH-Net back?”

One thing led to another, and after many conversations and confidence that our visions for a new EH-Net were eerily similar, Armando Romeo of eLearnSecurity made me an offer I couldn’t refuse. And with that, EH-Net is now part of the eLS family and will soon become part of their Caendra Ecosystem, and I couldn’t be more excited.

What exactly does that mean? In the short term, as you can see, EH-Net is back online with access once again to our library of content and open to all. For the time being, we are not allowing new registrations. In the coming months, we will be looking at everything from the platform to any and all features, but most importantly how to bring you content in all forms to once again be the premier global location for educational materials to advance your career in this crazy field we all love so dearly.

The Ethical Hacker Network Online Magazine (EH-Net) will remain a separate and independent project. It will continue to be a free resource for all and the content will be freely available. We have already lined up a number of great columnists (both old and new), are planning numerous webinars, contests, community submitted articles and much more. With the help and backing of our new family, it will be even bigger than it was before. And I can’t wait to get to work for all of you.

“Like the phoenix rising from the ashes…”

Onwards and upwards once again,
Don Donzal
The Ethical Hacker Network Online Magazine (EH-Net)

Additional Links:

Picture credit – A phoenix depicted in a book of legendary creatures by FJ Bertuch (1747–1822) from Wikipedia.

Course Review: eLearnSecurity WAPTX (WebApp PenTesting Extreme)

| June 29, 2015 | 0 Comments

eLearnSecurity - LogoThe past few years were a sort of lull for me. While I’ve continued to read and review books, watch and listen to webcasts and podcasts and do my best to stay ‘fresh’ on the pentesting front, I’ve not had a good opportunity to squeeze in any more ‘structured’ training courses. Ever since completing the OSCE course by Offensive Security (OffSec), I’d been feeling good about much of my repertoire but had been itching to get some solid web courses under my belt. I had contemplated OffSec’s OSWE, but as it’s only offered at BlackHat, has no self-study options and because my work and personal life haven’t offered me time to go down that road, I’d been itching for other options. Enter the eLearnSecurity WAPTX online course.

Rewind the clock to a couple of months ago. I’ve long been familiar with eLearnSecurity, having previously reviewed the eCPPT certification training here at The Ethical Hacker Network (EH-Net) and discussing their various offerings with CEO and Founder, Armando Romeo. Each time I’ve looked at their materials in the past, I’ve been pleased with both the materials presented and the overall ‘bang for the buck’ that they’ve provided. Most recently, I’d been looking at the web application courses they offer, specifically Web Application Penetration Testing – WAPT and Web Application Penetration Testing Extreme – WAPTX. On the one hand I knew that eLearnSecurity was soon to be releasing an updated version of the WAPT course. But the subject matter and descriptions of the WAPTX were really intriguing to me, so I decided to go to the extreme (pun intended). Suffice it to say, I have been very happy with that decision. This course has been outstanding, and I’ve learned a TON from the material in these past two months! Let’s take an in-depth look.

Continue Reading

Book Review: Black Hat Python

| June 2, 2015 | 0 Comments

Earlier this year, I wrote of my long love affair with Ruby coming to an end and my desire to get back to python in order to build additional skills for the purposes of defense and response. That first step back into python resulted in the article, Book Review: Gray Hat Python by Justin Seitz. That book was one of the more interesting ones that I’ve reviewed, so when I had the opportunity to look at his latest work, Black Hat Python: Python Programming for Hackers and Pentesters, I was really excited.

Python has been the language of choice in the pen testing universe for a while now, and so having a good reference for building attack and analysis tools for use during attack exercises is really important. The back cover of the book ponders the question of how the magic of creating these tools happens and offers that, “…you’ll explore the darker side of Python’s capabilities—writing network sniffers, manipulating packets, infecting virtual machines, creating stealthy trojans, and more.” Sounds perfect. Let’s take a closer look and see if it delivers.

Continue Reading

Interview: Dave Chronister of Parameter Security

| May 5, 2015

Dave ChronisterHave you ever seen a speaker at a security conference, an expert being interviewed on television about the latest cyber attack or an instructor at a whiteboard with the breadth of knowledge one should have when putting your career in their hands? Have you ever wondered what it took for those people to get where they are? Now just imagine all of those people wrapped up into a single individual, add into the mix the extra duties of business owner and husband, and you start to get a picture of Dave Chronister of Parameter Security, HackerU and ShowMeCon.

Covering everything from his first programming project as a child and his BBS days through his first ‘real’ IT job and into how he became who he is today, read on for a fascinating interview. Dave also shares his thoughts on helping you get that job in InfoSec, hiring someone for your next security project and some great general advice. In anticipation of ShowMeCon 2015 June 8 – 9, get to know a little more about the man (and woman) behind St. Louis’ ONLY Premier Hacking & Offensive Cyber Security Conference.

Continue Reading

First Look: Cybrary Free IT Training

| March 27, 2015

Cybrary - LogoAs a life-long learner, and someone who is passionate about both bettering myself and helping others to reach higher and achieve their goals, I’m constantly on the lookout for fresh educational materials particularly in the areas of IT Administration and Security. I’m always amazed at the breadth of knowledge that is available, albeit, often at a substantial cost. I’m even more amazed at the amount of free content available but can’t help but be anxious about the quality, validity and dubious characters claiming to be experts just because they have a YouTube Channel. I’ve recently had the opportunity to get an up-close look at Cybrary, a relatively new online training provider with some known instructors. Oh… And before I forget, I should mention – they’re FREE! Could this be the best of both worlds?

Cybrary’s goal is spelled out very clearly when they describe “Our Revolution” throughout their site. They state, “We believe IT and Cyber Security training should be free, for everyone, forever. We believe that everyone, everywhere, deserves the OPPORTUNITY to learn. What they do with the opportunity is up to them, but the opportunity should be available. Join us in demanding liberation, help us in forcing change.” That’s all well and good. But how’s the actual training?

Continue Reading

Get eLearnSecurity PTSv3 Training Free!

| March 12, 2015 | 0 Comments

eLearnSecurity PTSv3 eJPT Certification LogoeLearnSecurity has long been a trusted training provider with multiple courses on offer. They recently updated their Penetration Testing – Student (PTS) course. The eLearnSecurity PTSv3 course is tailored for beginners. In addition to a brand new version, they also made available a new pricing structure that includes an Elite Edition, a Standard Edition and a free Bare Bones Edition. The Bare Bones Edition includes lifetime access to the training materials as well as email tech support. For a full rundown of the difference between the editions, click here.

Unfortunately, this is available only to those with an invitation. Luckily, we scored 100 seats in the invite-only free version of the eLearnSecurity PTSv3 Course. And this time there are no gimmicks, no contests, no requirements. It is simply a first come, first served deal for EH-Netters. Read on for the code that gives you access as well as some more details on the new pentesting course. This is for a limited time, so HURRY!!

Continue Reading

Win Training and Ticket to ShowMeCon 2015 – March Giveaway Sponsor

| March 6, 2015

ShowMeCon 2015 - LogoThis highly technical forum showcases eye-opening presentations from world-renown ethical hackers and epic security ninjas which will leave you amazed and frightened at the same time. By giving you access into the mind of a hacker, you will better understand how to protect your networks and critical data. As we always say “In order to beat a hacker, you have to think like one” and “if you don’t understand the enemy, how can you protect against him?” ShowMeCon 2015 pulls back the curtain and exposes how hackers are winning the war on physical and cyber security on June 8 & 9.

Before the con from June 3 – 7 several boot camps will be provided by Hacker University including hands-on hacking, router hacking, network defense, the updated CISSP certification and more. This is where you EH-Netters come in. Participate on EH-Net in our forums and through social media, and you could win one seat in the training course of your choice which also includes a ticket to the con (travel not included). With a value of well over $2200 and a wealth of professional activities, this opportunity should not be missed. We’ll be watching for the entire month of March and decide on a winner in early April. So get out there and support the community, and you could be the next big winner of EH-Net’s Giveaways!! Read on for more details of the courses and the event. Good luck.

Continue Reading

Book Review: Hacking and Penetration Testing with Low Power Devices

| February 27, 2015

Hacking and Penetration Testing with Low Power Devices” by Philip Polstra is an excellent read.  The author bases this book on his experiences in both hardware, software and penetration testing and combines the various disciplines to both educate and enlighten the reader.  Ultimately, the subject matter revolves around using the BeagleBone Black and a customized ARM penetration testing Linux distro, which Polstra’s dubbed ‘The Deck,’ to perform various types of hacking activities. It’s described as, “A practical guide to performing penetration tests from a distance with low-cost, battery-powered devices.” Oh yeah… just what the doctor ordered.

Let me open by saying that this book struck my “techie geek” nerve.  Years and years ago, not too long after I became a computer guy, but far before becoming a professional penetration tester, I managed a Radio Shack store (sad to see they’re going away).  I guess you could say I was a maker before it was called that. This book, while discussing pentesting, code, automation and stealth, offers the reader a great experience as he brings them into a world of hardware manipulation, discussions of power consumption, radio communication, and other really cool topics.  It truly embraces the mindset of the hacker in a cross-disciplinary way and acts like a perfect bridge for those currently in the computer hacking arena into the exciting wider world of the maker movement. I’m excited to share this experience with you, so let’s get to it.

Continue Reading