Win Your Choice of iClass Worth $2895!
 What's the first thing to go in a bad economy? Training & travel. With EC-Council sponsoring our Free Monthly Giveaway with one (1) Certified Ethical Hacker seat delivered via its iClass format, both concerns have been taken care of for you. iClass is EC-Council’s live, online, instructor-led training modality! There are two delivery formats: 1. FlexClass: This schedule is designed to spread the learning out over a period of time and avoid missing a full week’s worth of work. The times are 4pm – 8pm, MST twice a week for 5 weeks. 2. iWeek: This schedule is similar to the standard 5 day format found at the majority of training centers. The times are 8am – 4pm MST every day for 5 consecutive days. The SRP of the course is $2895 and includes the certification voucher, official courseware and shipping! Select your area of interest and join us for our next available iClass to discover all the benefits of EC-Council certification without the added expense of travel. Courses include Security Fundamentals, Ethical Hacking, Penetration Testing, Computer Forensics, Disaster Recovery & Secure Coding. If you already have your CEH, then we will do our best to get the winner into the class of their choice. So what are you waiting for? Get posting in our forums!
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
Review by Ryan Linn, CISSP, MCSE, GPEN
| “Gray Hat Python” by Justin Seitz, one of the latest releases from publisher, No Starch Press, focuses on using the Python programming language for reverse engineering. This book is subtitled “Python Programming for Hackers and Reverse Engineers” which is fitting as Justin is a member of Immunity Security, makers of the Canvas penetration testing platform and the Immunity Debugger. The foreword by Dave Aitel, Immunity's CEO, is an excellent introduction to why the content of this book is important. It focuses on the short time span that is required from discovery of a bug to exploit, and the necessity for flexible, fast, and collaborative vulnerability discovery and exploit development. Dave does an excellent job in setting the tone for why the information in the book is relevant and what the drive is for these types of tools in the industry. |
Download 2 Free Chapters Below
|
|
|
Read more...
|
|
|
 This review is long overdue. My apologies to EH-Net readers, SANS and especially Joshua Wright, developer and instructor of SEC 617 - Wireless Ethical Hacking, Penetration Testing, and Defenses. Its lateness is more due to my inability to comprehend exactly what I experienced than to a lack of desire to complete the task. I honestly sat down at the keyboard multiple times, but each time I felt I wasn’t doing the course or Mr. Wright justice. OK… so like every other SANS course, it had quality courseware, the instructor was top-notch, and I walked away with much more knowledge than when I arrived. So I could simply state the above sentence, report on each and every day of the course offering endless details, recommend it to the masses and be done with my job. But even that felt like empty rhetoric.
As with the review of SANS 560 – Network Pen Testing and Ethical Hacking entitled "Ed Skoudis and the Pen Testing Factory," and many other articles, I felt the writer’s need to have a theme. And it doesn’t have to be a movie, but something that weaves a thread through the words to keep the reader engaged. Just the right connection or idea can make all the difference in the world. And as many do when faced with writer’s block, I let it sit for a while knowing that inspiration would hit me when not looking. But even with pressure and anxiety to produce, it wasn’t coming. Forcing it made for poor results. Suddenly during the minutia of daily life, a bright red spine from one of many bookshelves in my basement caught my eye. I had found my theme.
|
|
Read more...
|
|
|
 After more than 10 years in the information security industry and a significant amount of time running a lab that tests products, I’m a pretty difficult guy to impress with technology. And I’m NEVER nice to vendors. They hate me. As an example, when running said test lab, we once had a vendor give a client six-figures worth of software when the client told them that we’d be testing it before they purchased. The client was happy, so we did our jobs even though we never tested a thing.
The only product I have ever had a net positive review of was the Safeboot disk encryption product, and even then, it was a case of being damned with faint praise. I believe that the entire positive part of our assessment was: “the product works as advertised.”
So, when Don approached me to do a review of the IronKey Personal, I knew I was going to rip it apart. I was going to write a scathing review of how terrible their product is and why these “gimmicky” pieces of hardware don’t work. Because they usually don’t.
|
|
Read more...
|
|
Win Ticket to Black Hat USA = $1595!!
 Attend Black Hat USA on us, EH-Net. The world's premier technical event for ICT security experts is being held July 27 - 28, 2009. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with thousands of delegates and review products from leading vendors in a relaxed setting, including Sustaining Sponsors Core Security, IOActive, Microsoft, Norman, Qualys and SAINT. At stake is a Passport Admission Ticket worth $1595 ($1995 at the door) that allows entry into the Briefings portion of the event. This year's venue is again Caesars Palace in Las Vegas.
This should be a great incentive to really get those forums hopping with participation. I'll be there as will many other EH-Netters. Will you?
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
 Review by Jason Haddix, Security Aegis
Anyone who knows training (or InfoSec for that matter) knows SANS is probably THE most recognized name in InfoSec training. While the foundation of SANS is Stephen Northcutt and Alan Paller, his superstars are the InGuardian’s crew. Call them security divas, we don’t care. We know that Ed Skoudis, Kevin Johnson, Mike Poor, and Joshua Wright are instructors with whom we’d give the whole of our security budget to train. We can’t decide what we like best: their stellar tool development, their helpful whitepapers, their nifty cheat sheets, their open source projects, or the fact that their courses are the most interesting and engaging we’ve seen.
Web application pen testing is a huge focus for the security space right now, and SANS just turned their 4-day SEC542 - Web App Penetration Testing and Ethical Hacking into a 6-day class. We had the chance to pick the brain of its instructor/creator Kevin Johnson, InGuardian pen tester, father, and all around great guy.
Read on as he answers our questions on a wide array of our web-app security queries. 
|
|
Read more...
|
|
We Have Winners!
 We've had great success when trying to find prizes that allow EH-Netters to advance their knowledge and careers without the need to travel. As we all know, training and travel are the first things to go when times are tough. Like it or not, we always need to continue learning even when the travel purse strings are tied overly tight. CBT Nuggets fit the bill perfectly. For those of you who don't know, CBT stands for computer based training. CBT Nuggets are series of 30 - 60 minute chunks... or nuggets... of videos each covering a given topic on the certification of your choosing. It makes it easy and engaging to study for your certs without the need to travel or complete your studies on someone else's time frame. CBT Nuggets are also very cost effective without flashy productions. They concentrate on just providing the info you need at prices anyone can afford. Topics include CISSP, CEH, CISA, Microsoft, Cisco, Wireless, Linux and all of the CompTIA exams even the updates Security+ for 2008!
The 3 lucky EH-Net members this month are Kethcup, timmedin and xXxKrisxXx. They will each receive not only one full month of streaming access to the entire CBT Nuggets Video Library, but they will also receive a $200 CBT Nuggets Gift Certificate. This is enough for another month of full access or can be applied to the full purchase of the video series of their choice. Thanks and congrats!!
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
Review by JP Bourget, CISSP, MCSE, MS
|
Having a process to better understand your logs, be it firewall, packet captures, IDS, web server, or proxy logs, is something that many security professionals strive for. We have seen some interesting software over the past few years, such as OSSIM and Splunk. Some vendor’s provide excellent log visualization for their products, some don’t do enough, or aren’t flexible enough. That brings along Applied Security Visualization (ASV) by Raffael Marty. Marty’s book gives some valuable insight on how to bridge the fields of IT Security and Data Visualization all in one book. While this book provides a wealth of detailed knowledge, I’m going to point out the major features instead of getting really detailed.
Free Chapter Link Below
Chapter 5 - Visual Security Analysis
|
|
|
|
Read more...
|
|
|
 Applications are moving away from the desktop and onto the web. With technologies like AJAX and Flash and the popularity of Mash-Ups and social networks, web application penetration testing is becoming increasingly important. Pushes for penetration testing are being driven by compliance, regulation, and a desire to not end up on the evening news, so a quality web application penetration testing class has been long overdue. SANS has stepped up to the plate and re-released SEC542 Web App Penetration Testing and Ethical Hacking as a 6-day course with stronger hands-on exercises and culminating with a final day where students perform a penetration test on the classroom network. The original course was a 4-day version, but Kevin Johnson of InGuardians has updated and enhanced the content to contain many of the cutting-edge web application hacking techniques seen in the field today.
I recently had the opportunity to take the re-born SEC542 course in Orlando, Florida as part of the SANS 2009. SANS 2009 was one of the larger yearly conferences that SANS offers with quality evening talks after classes which offered additional content for no additional cost. Some of SANS higher profile members presented fresh content ranging from Josh Wright's talk on the risks associated with using personal wireless devices such as the Nike +iPod titled "Privacy Loss in a Pervasive Wireless World" to Ed Skoudis' talk on cutting-edge tricks and techniques in "Secrets of America's Top Pen Testers." The secondary benefit of the large conferences was the ability to network with instructors and peers. There were frequent opportunities to hang out and talk with SANS instructors and other students after hours, with impromptu events such as full-contact mini-golf, dinner and karaoke. It is commonly known that an event is what you want to make of it, and SANS 2009 came through in spades in providing an educationally rich environment. So if an attendee didn’t take advantage of networking with those in the industry, then it certainly wasn’t SANS fault.
|
|
Read more...
|
|
| | << Start < Prev 1 2 3 4 5 6 7 Next > End >>
| | Results 1 - 13 of 88 |
|
del.icio.us
(5) 
Other : Firefox 3.5 Released
Tools : Free GFI Software Via 'We Care'
Linn : [Article]-Review: SANS SEC542 - Web App Penetration Testing and Ethical Hacking
