Recent Articles

Book Review: Applied Network Security Monitoring

| October 31, 2014 | 0 Comments

As books go, I’m a lifelong reader, so when offered the chance to do more ‘regular’ reviews for The Ethical Hacker Network (EH-Net), I jumped at the opportunity.  The past few weeks, I’ve been buried in a GREAT read.  Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith is an extremely informative dive into the realm of network security data collection and analysis.  Fitting for both the offensive and defensive sides of security, the book looks closely at the various concepts, practices and tools that combine to create functional and cost-effective Network Security Monitoring (NSM) solutions for IT environments of all shapes and sizes.  For the offensive-security minded, it gives an insight into the tools and techniques used to monitor the network, and allows one to consider how best to circumvent those methods.  For the defensive-security minded, the authors do a fantastic job of equipping the reader with not only methodologies but also with tools and realistic examples.

Bear with me on this review, as this book at 496 pages is a long one, but in my opinion, an excellent resource.  I’ll do my best to give a thorough overview of the material while keeping things as concise as possible.  Hopefully, you’ll see that it’s a worthwhile read in giving a running start into the world of NSM.

Continue Reading

Winner of CareerAcademy.com Online InfoSec Training

| October 9, 2014 | 5 Comments

CareerAcademy.com LogoWe Have a Winner!!

It’s back to school time. That doesn’t just mean for the kids. Everyone can take this opportunity to feel refreshed, to take your career by the horns and ride it to prosperity. Break open that brand new notebook, sharpen your pencils and let’s get to work! With this month’s prize, you can not only learn a huge number of topics, but you can have unlimited access to this learning for an entire year! Our friends at CareerAcademy.com have a proven track record of providing top notch IT certification training. Their InfoSec and IT Certification Subscription includes unlimited access to their entire instructor led, OnDemand InfoSec and IT training catalog. The catalog comprises 45+ training courses, including EC-Council Endorsed CEH, CHFI, ECSA/LPT, ENSA, Cisco Authorized CCENT, CCNA, CCNP, Microsoft MCSA, MCSE, CompTIA A+, Network+, Security+, ISACA CISA, CISM, ISC2 CISSP and VMware training courses. Make yourself stand out in your office! Begin your certification training today!

Our deserving EH-Netter this time around is hayabusa. Enjoy the multitude of courses now at your fingertips for a full year!! Keep us posted on your progress and feel free to submit a review article of the courses or an opinion piece on advancing your career through online learning. Either way, congratulations!

Career Academy is also offering a limited time special pricing of only $99 for the InfoSec and IT Certification Training All Access Subscription. Sign up now to get instant access! Get more details and access to free instant demo videos after the break.

Continue Reading

Book Review: Ethical Hacking and Penetration Testing Guide

| September 30, 2014


When asked by CRC Press to review a recently released book, Ethical Hacking and Penetration Testing Guide by Rafay Baloch, a closer look was in order before agreeing. The book description reads, “Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from beginning to end. You will learn how to properly utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test.” A brief review of the Table of Contents and Description from Amazon piqued my interest, so I accepted the request and got to reading.

The book was written to take people with some technical but little to no ‘hacking’ background, and introduce them to tools, techniques and methodology in order to familiarize them with pentesting. As there are quite a few books on the subject, I was a bit skeptical at first, as I’m always looking for something ‘groundbreakingly new’ or with some extra insights that other books may not have. I can say, with certainty, that while this wasn’t an overhaul of other books on the market, it was well organized and contained plenty of good information for a newcomer to get started into their learning.

Continue Reading

A First-Timer’s Experience at Black Hat and DEFCON

| September 18, 2014

A First-Timer's Experience at Black Hat and DEFCON - Edmondson & MitnickI was recently contacted by Don from The Ethical Hacker Network (EH-Net) and asked if I was interested in attending the Black Hat USA 2014 Briefings as the winner of a monthly giveaway contest on his site. I had never been to either Black Hat or DEFCON, so I jumped at the chance to see what the fuss was all about. This is a short write-up on my conference experiences to help give future first-timers an idea of what to expect.

Before getting to my experiences as a BH/DC Virgin, let me share a little about myself. I’ve been performing digital forensics for five years and started studying hacking and pen testing about two and a half years ago. I originally started my studies to improve my forensics skills but it soon became my favorite hobby. I feel that it’s important to include this information, as there is a huge variety of ages, experiences and personalities of the attendees. What you bring as well as what you expect to do can drastically affect your own experience of these two events. Therefore, your mileage will most certainly vary.

Continue Reading

September 2014 Giveaway Sponsor is CareerAcademy.com

| September 3, 2014 | 0 Comments

CareerAcademy.com LogoWin a Year of Unlimited Online Training Worth $3495 from CareerAcademy.com!

It’s back to school time. That doesn’t just mean for the kids. Everyone can take this opportunity to feel refreshed, to take your career by the horns and ride it to prosperity. Break open that brand new notebook, sharpen your pencils and let’s get to work! With this month’s prize, you can not only learn a huge number of topics, but you can have unlimited access to this learning for an entire year! Our friends at CareerAcademy.com have a proven track record of providing top notch IT certification training. Their InfoSec and IT Certification Subscription includes unlimited access to their entire instructor led, OnDemand InfoSec and IT training catalog. The catalog comprises 45+ training courses, including EC-Council Endorsed CEH, CHFI, ECSA/LPT, ENSA, Cisco Authorized CCENT, CCNA, CCNP, Microsoft MCSA, MCSE, CompTIA A+, Network+, Security+, ISACA CISA, CISM, ISC2 CISSP and VMware training courses. Make yourself stand out in your office! Begin your certification training today!

Alright EH-Netters. You know how this works. Participate on EH-Net and our various outlets, and you could be chosen as the winner. So submit an article, post in our forums, help a newbie, tweet about us, join our LinkedIn Group… Get Involved!! We’ll be watching during the entire month of Sept. The winner will be announced in early October.

Don’t wait to see if you won! Career Academy is also offering a limited time special pricing of $99 for the InfoSec and IT Certification Training All Access Subscription. Sign up now to get instant access! If you are the one lucky winner of the 12 months of training, you will receive a full refund on your $99 purchase. Get more details and access to free instant demo videos after the break.

Continue Reading

Winner of Free Ticket to Black Hat USA 2014 Briefings

| July 21, 2014 | 0 Comments

Black Hat USA 2014 Logo

We have a Winnah!!

Each year, EH-Net partners with Black Hat Events as a media sponsor. As part of that package we obtain an extra ticket to the Briefings portion of Black Hat USA 2014 with the specific intent on giving it to one of our top contributors. This year is no different on our end, although the Vegas side of things will be quite different this year. Although BH has called Caesars Palace it’s home for over a decade, the 2014 event has moved to the Mandalay Bay. But what hasn’t changed is the fact that this is the place to be for hackers. With the combination of Black Hat (Aug 2 – 7) and DEF CON (Aug 7 – 10) leading the way, and other smaller events in the Vegas area also running at the same time, this is the one week of the year like no other. For more information, please visit the Black Hat USA 2014 listing on the EH-Net Global Calendar of Events.

So whether you had no plans on going at all this year or already have plans to be in Vegas for that week anyway, EH-Net offered a chance to join what is known as “the show that sets the benchmark for all other security conferences.” As Black Hat returns for its 17th year, EH-Net member azmatt will join the brightest in the world for six days of learning, networking, and skill building. Congratulations on winning the Free Ticket to Black Hat USA 2014 Briefings Aug 6 – 7 worth $2200. Didn’t win? Don’t worry. Regulars and even casual readers of EH-Net can still benefit as the $100 discount by using coupon code TDCCbr100off is still available.

Win Free Ticket to Black Hat USA 2014 Briefings

| June 11, 2014 | 1 Comment

Black Hat USA 2014 Logo

Win Black Hat USA 2014 Briefings Ticket = $2200

Each year, EH-Net partners with Black Hat Events as a media sponsor. As part of that package we obtain an extra ticket to the Briefings portion of Black Hat USA 2014 with the specific intent on giving it to one of our top contributors. This year is no different on our end, although the Vegas side of things will be quite different this year. Although BH has called Caesars Palace it’s home for over a decade, the 2014 event has moved to the Mandalay Bay. But what hasn’t changed is the fact that this is the place to be for hackers. With the combination of Black Hat (Aug 2 – 7) and DEF CON (Aug 7 – 10) leading the way, and other smaller events in the Vegas area also running at the same time, this is the one week of the year like no other. For more information, please visit the Black Hat USA 2014 listing on the EH-Net Global Calendar of Events.

So whether you had no plans on going at all this year or already have plans to be in Vegas for that week anyway, here’s your chance to to join what is known as “the show that sets the benchmark for all other security conferences.” As Black Hat returns for its 17th year, you too can join the brightest in the world for six days of learning, networking, and skill building. Join them for four intense days of Trainings and two jam-packed days of Briefings. How do you do that? Simply participate. For the rest of June and the start of July, contribute to the EH-Net Community Forums, spread the word of EH-Net on your blogs, RT our tweets, join our LinkedIn Group… in other words GET INVOLVED! The winner will receive a Free Ticket to Black Hat USA 2014 Briefings Aug 6 – 7 worth $2200. Even casual readers of EH-Net can still benefit as we have also secured a $100 discount by using coupon code TDCCbr100off. So get at it, and we’ll be watching. The winner will be announced on or near Monday July 7, 2014. Good luck.

Hacking Airwaves with Fruit Part 1: WiFi Pineapple Mark IV Basics

| June 10, 2014 | 0 Comments

Hacking Airwaves - WiFi Pineapple Mark IV LogoIf you’re doing any wireless penetration testing these days, odds are you have a WiFi Pineapple Mark IV from Hak5 in your toolkit. If you’re not a professional penetration tester or are just starting out with wireless hacking, the Pineapple is a device that will save you a considerable amount of headaches and is easily the best “all-in-one” tool for the job. This first article in a series of three tutorials is all about walking you through those first baby steps of configuration to get your new toy up and running. Part 1 starts with the Mark IV since many shops have this device already. Part 2 of this series covers the new Mark V, and Part 3 will show the device in action on a real pen test.

The first step to being successful in any endeavor is preparation, and the pineapple is no different. This tool packs a considerable amount of options into a small frame, and getting your new device up and running prior to “game time” is critical. We’ll show you how to set up your host computer’s network interfaces, the communication options to talk to the device, installing and configuring modules (known as Infusions), and more. So let’s get to it.

Continue Reading