Win CISSP Prep Course Worth $2895!!
OK... the new year is upon us, and so are the resolutions and goals we've set out for ourselves. Hopefully most of you not only have the technical side of your brain in your plans, but also the management skills that are more and more expected of us geeks as we advance in our careers. Enter Global Knowledge and their dedication in helping to support your pursuit of IT security knowledge building. Global Knowledge offers one lucky EH-Net member the CISSP Prep Course (terms & conditions). This course includes all the tools you need to prepare for the updated (ISC)2 Certified Information Systems Security Professional exam. Prepare with confidence with this course and these exciting tools:
• Custom study guide containing summary charts, insightful data, and practice exams
• A free copy of McGraw-Hill's CISSP Certification All-in-One Exam Guide, 5th Edition
• CISSP Exam Cram Sheet
• CISSP certification practice exam
To make it even better, Global Knowledge has several ways in which to deliver this course whether it be in-person or online. That kind of flexibility gives students options when it comes to both budget and travel. So what are you waiting for? Go hit the EH-Net Community Forums and you could be one of the many winners of high cost, high quality prizes offered each and every month.
Chris Hadnagy
Over the last year social engineering has gotten a lot of press. From the attacks on companies like Sony, HB Gary, PBS, Citibank et al to contests like the Social Engineering CTF at Defcon, it seems that social engineering has taken the front page. And rightfully so, as it is still the easiest and often most effective vector of attack. With that in mind, many people are interested in learning what it will take to either add social engineering skills to their tool chest (either personally or as part of their red team) or even become a full-time, professional social engineer.
And that was the impetus behind Chris Hadnagy's new monthly column exclusively at The Ethical Hacker Network, how to become a professional social engineer. So to get the ball rolling, I compiled this Top 5 List to help each person make this a career path or at least add it to their present security practices. As we move through the coming months, we’ll explore the history, methodologies and practical experiments in attacking the human. It will not only be educational but eventually lucrative for you and your organizations.
We Have a Winner!!
In a continuing effort to provide top quality training in a format that helps those with strapped travel budgets, SANS has come up with a unique way of being at the event... without actually being at the event. Introducing SANS Event Simulcast. Simply log in to a virtual classroom to see, hear, and participate in the class as it is being presented LIVE at the event. The Event Simulcast option is available for many classes offered at our largest training events. And EH-Net member Agoonie just won his choice of the following courses at SANS 2012 starting March 25:
- SEC401: SANS Security Essentials Bootcamp Style $4395
- MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam $3995
- DEV522: Defending Web Applications Security Essentials $4195
- SEC560: Network Penetration Testing and Ethical Hacking $4595
Thanks to each and every EH-Netter for continuing to make this the place to make a career for yourself. The prizes continue throughout 2012, and the only way to win is to become a member and participate. Sounds like a great New Year's Resolution.
Eli Sowash, CISSP
As an information security professional, the task of communicating InfoSec concepts and concerns to executive management can sometimes be challenging. That security breaches like Sony, RSA, and Lockheed are grabbing mainstream media attention means security ideas and concerns are increasingly making their way to the boardroom. Since executive support can be one of the most valuable tools in the InfoSec professional’s toolbox, using these case studies with your own management can be a great starting point in letting them know that the security team understands the risks to the business.
It’s the job of an organization’s executive management to set the strategic direction, and building a relationship with the management team can mean incorporating proper security practices into the business process at the highest level. InfoSec professionals can then parlay this seat at the table with the baby step of an awareness program, which is a great way for management to lead by example.
We are all being called upon to answer to and collaborate with senior management differently than in years past. Here are three tips I’ve found that help to explain our world to the businesses we’re protecting.
Review by Tristan Lawson, CISSP, MCSE: Security, GCIH, OSCP et al
So often as security professionals we hear how bug hunters both black hat and white hat find vulnerabilities and release them to the vendor or use them for monetary gain. We wonder how they actually went about finding these vulnerabilities and what hurdles they had to jump to find them. "A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security" by Tobias Klein focuses on helping different levels of security professionals understand the approaches used to uncover vulnerabilities, testing the vulnerabilities found and finally reporting on those vulnerabilities. It is short and to the point and offers nothing but valuable content with little to no fluff content.
The book was written as though Tobias was writing in a journal as he was progressing through his research of a particular application. Each chapter is a separate journal entry focused on a single application into which he dug and eventually found a vulnerability. He then determined if it was exploitable and in turn released it to either the vendor or to a vulnerability broker. This is a fascinating look into the heart of a sector of the security economy not previously exposed to a wider audience.
After the break, look for a link to a free download of Chapter 2: "Back to the 90s"
We Have a Winner!!
Black Hat Events was the sponsor last month of EH-Net's Free Monthly Giveaway with a very flexible offering of a free pass for full conference admission to the Black Hat event of your choice between now and the end of 2013. As we mentioned, this one was going to be a little different as winning depended on participation in the poll and not our normal participation on EH-Net. With that, we used the trusty services of random.org to help pick EH-Net member elwellj as our winner. Congrats!
For those unfamiliar, "The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security landscape." It's the one trip I do everything I can to make every year, the week of Black Hat and DEFCON in Vegas. You should, too.
CompTIA has been a stalwart in the IT certification arena for quite a number of years. They have dominated the space with such recognized credentials as A+, Linux+, Security+ and many others. Their certifications have been highly recommended by The Ethical Hacker Network (EH-Net) as well as countless others as an entry-point into a given area of IT. But can CompTIA help advance the careers of those already in the field of their choice within IT?
Enter CompTIA’s newest line of industry credentials, the Mastery Series of Certifications. The first offering from this new line is the CompTIA Advanced Security Practitioner, CASP (pronounced C-A-S-P like an acronym as opposed to ‘casp’ like a word). At first glance, it would appear as though CompTIA is taking on ISC2 and the venerable CISSP. After a closer look, this isn’t quite the case. Let’s find out more from Carol Balkcom, CompTIA’s Director and Product Manager for the CASP.
Chris Gates, CISSP, CISA, GCIH, GPEN, C|EH
In the first article, Oracle Web Hacking Part I, I talked about scanning Oracle Application Servers for default content and how to use that content for information gathering. A pentester can utilize that information to run SQL queries and to gain a foothold into the network. I also talked about iSQLPlus and some fun things you can do with that application, if you are able to guess credentials for it. I also showed some Metasploit modules to help you accomplish all of it.
In Part 2 of 3 of this ongoing series of columns, I’ll dive into attacking the Oracle Application Server Portal (OracleAS Portal). I’ll focus on Oracle 9i and 10g up to Release 2. With 11g (10.3.x) Oracle moved to Weblogic, and it’s completely different and therefore out of the scope of this series. But there are plenty of shops out there still using 9i and 10g, which gives us plenty of opportunity for breaking stuff. So, let’s get to it.
We Have Lots of Winners!!
That's right! With over $14,000 worth of training to give away from last month's sponsor, there are lots and lots of winners. Many thanks to Mile2 for their generosity not only to the members of EH-Net this month, but also their continued support of those in the military and law enforcement. I know the value of the prizes is staggering, and I don't fool myself in thinking that this can continue each and every month, but I'll ride this current wave as long as I can. Mile2 offers quality training for topics ranging from pentesting & forensics to disaster recovery and secure coding. See all of Mile2's course offerings. And the winners are:
- Two online live seats ($3000 per seat) and free exams ($250) for cd1zz & a player to be named later.
- 10 video and examination combos ($800 per seat) are awarded to 3xban, alucian, billv, eth3real, hayabusa, Joshsevo, Negrita, p0et, rance & YuckTheFankees.
- And ALL EH-Netters Win 50% Off Anything & Everything Mile2 Offers
As with every month, all you have to do is participate on EH-Net. Write some reviews or tutorials, spread the word of EH-Net to the wider security community, share in the forums, help someone advance their career, tweet our articles... whatever you think you can do to increase the reach and effectiveness of our growing community gets you noticed. Getting noticed gets you great prizes. It's that simple. Congrats to the winners, and thanks for all you do to make EH-Net THE place for security professionals!
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.