Win Advanced Pen Testing Course = $2000!!
Time to step it up. Long time member of the security community and friend of EH-Net, Joe McCray of LearnSecurityOnline, gets you out of PPT hell and into a highly secure lab environment for 5 days of intense training. Up for grabs this month is a free seat in his course to be held 13th - 17th December 2010 just outside of DC.
Advanced Penetration Testing (APT): Pentesting High Security Environments is a five-day intensive course that focuses attacking and defending highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. This is NOT your normal Ethical Hacking course. You won't be attacking unpatched Windows 2000 Servers, and you won't be learning a bunch of outdated tools. In APT, you will be learning how to attack new OSs such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers. All of these servers will be patched and hardened. Both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) will be in place as well. The learning curve is high, but the rewards are astronomical. Over 80% of class is hands-on hacking labs. It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips and tricks that will help them better attack high security environments.
Joe and I have worked out an even better deal. EH-Netters get a $500 discount! At only $1500, this course is a steal. Click here now to reserve your seat. Full course description can also be found at the link provided.
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
We Have Winners!!
 We often talk about the foundation one needs to become a security professional and perhaps eventually an ethical hacker. Most who have ventured into this or an associated field have come from one of a few areas: systems admin, programming or networking. So to ensure that you have the networking portion covered, we offer up this month's prize of video training for Cisco Certifications from long-time training provider, CareerAcademy.com. Of course be sure to check out their security video training titles as well including CEH, CISSP, Security+ et al.
To the 2 deserving members this month goes CareerAcademy.com's latest Cisco Authorized Video Training Library. EH-Net members H1t M0nk3y and Dark_Knight each get 3 months of unlimited online access to all of the following Cisco® training programs (list below). Congratulations to you both.
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
Read more...
|
|
|
 Tutorial by Wardell Motley
Maltego, developed by Roelof Temmingh, Andrew Macpherson and their team over at Paterva, is a premier information gathering tool that allows you to visualize and understand common trust relationships between entities of your choosing. Currently Maltego 3 is available for Windows and Linux. There is also an upcoming version for Apple users that has yet to be released.
Information gathering is a vital part of any penetration test or security audit, and it’s a process that demands patience, concentration and the right tool to be done correctly. In our case Maltego 3 is the tool for the job.
In this article we explore Maltego 3 and examine its fundamental features and a little hands-on with the newly designed version. If you haven’t already had a chance to upgrade to or pick up Maltego 3 you are missing out.
|
|
Read more...
|
|
We Have a Winner!!
 As the unfortunate realities of the economy still plague us, there's more of a need than ever for quality training without the expense of travel. SANS has responded with vLive. As they describe it, "SANS vLive! leverages webcast flexibility and the latest online technology to enhance students' learning experience. SANS vLive! live Webcasts are scheduled once or twice a week for 3 hours, depending on course requirements, and feature Elluminate Live!™, a collaboration of realtime, interactive online tools to bring quality security education direct to your desktop." So what does that mean? There's not just a flashy online version of PPT decks... you get real interaction with the instructors live on your own desktop from the comfort of your own home. Up for grabs this month to one top contributor was a free seat in either:
- SEC504: Hacker Techniques, Exploits & Incident Handling (starting 11/9) taught by Bryce Galbraith and John Strand
- SEC542: Web App Penetration Testing and Ethical Hacking (starting 12/6) taught by Kevin Johnson and Seth Misenar
The winner this month should come as no surprise, because he was chosen last month but couldn't take advantage of it. This month he accepted and chose SEC542. So congrats goes to EH-Net member Jesus Oquendo AKA sil. Congrats. Although you may not have won, there's plenty of seats still available in this unique course offering. Be sure to tell them EH-Net sent you or just use Discount Code Connect_EHN10 for 10% Off this or any other SANS product.
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
|
 Review by Justin Kallhoff, CISSP, C|EH, GPCI, GCIH et al
Current statistical evidence from multiple reputable sources suggests current signature-based anti-malware technologies have detection rates below 35%. I don’t think any of us expect that percentage to increase, instead I expect it continue to decrease as malware authors continue to learn, cooperate, and gain sophistication. This disturbing trend has information security paranoids, like me, continually evangelizing “it’s not a matter of if, it’s a matter of when” your organization will experience a compromise.
Those of us responsible for protecting organizations from malware or responding when defenses fail need to elevate our reverse engineering and forensics skills for the rocky road that lies ahead. I have been frustrated a number of times while attempting to determine what a particular piece of malware did to a system. A majority of organizations lack defense-in-depth and appropriate logging levels, so it can be very difficult to determine who did what, when, and what may or may not have changed as a result. In many situations, a post-mortem analysis or a reenactment may be required to determine the extent of the incident. This is where Lenny Zeltser’s SANS Forensics 610: Reverse Engineering Malware course comes in handy. It is now a 5-day, in-depth course covering a multitude of topics involving malware analysis.
|
|
Read more...
|
|
|
Review by Michael Heinzl AKA EH-Net Member Awesec
People often ask if they should learn Assembly language - if it's worth the efforts, and if it's a necessity in order to become a good penetration tester. Short and personally answered, I'd say certainly yes. If you are interested in areas like Reverse Engineering and Exploit Development, Assembly knowledge is a must-have. The second question which often comes directly after “Should I learn Assembly?” is “How and where to start?” One of the few given recommendations often points towards Randall Hyde's “The Art of Assembly Language” (AoA) for which the second edition was recently published.
|
The revised >700 pages strong edition covers Hyde's High Level Assembly, short HLA, which was developed in order to teach Assembly language to students at university in an easy way without the need to know everything that might be necessary to know for real Assembly language. Therefore, it's not the real low-level assembly known by many readers, as it supports control structures such as loops and exception handling, and even OOP.
|
|
|
|
Read more...
|
|
We Have a Winner... and a Hero!!
 At stake this month was one Conference pass for the BlackHat Briefings (July 28 - 29) worth $1995, and the consensus pick by the members was sil. He couldn't make the event and suggested dynamik, who also couldn't make it. So I went with long-time EH-Netter, Ketchup. Congrats and thanks for the support over the years. You deserve the free ticket to the Black Hat 2010 Briefings worth almost $2K!!
And now for an extra special shoutout for someone who exemplifies the exact type of member we cherish here on EH-Net. When building a community, one can only hope for active members to possess a positive attitude, willingness to help others and give back to the community that gave so much to all of us. EH-Net member, rvs, in simply trying to spread the word, retweeted an offer for SensePost training at BH. He won and was offered to attend any of their courses at BlackHat for free (worth up to $2700). He could not attend, and, instead of letting it go, selflessly offered it up to the winner of the EH-Net BH Giveaway. SensePost agreed and now Ketchup is getting his butt kicked 'a little' by Hacking by Numbers: Combat Edition. Since what goes around comes around, we'll be on the lookout for something that rvs can use, and offer it to him gladly.
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
|
 By Jamy Klein, MSIA, CISSP
According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610, to help white hats that need essential malware analysis skills and also to prepare security professionals for the GIAC Reverse Engineering Malware (GREM) certification. SANS describes FOR610, as:
“Teaches a practical approach to examining malicious software that runs natively on Microsoft Windows, and covers web-based malware such as JavaScript and Flash files. You will learn how to reverse-engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out.”
In my work as a Security Engineer, I am frequently asked to analyze web sites and file downloads for potential infection. This course filled both a professional need and personal interest need for me in malware analysis. After attending the 4-day course (now officially a 5-day course) at SANS Security West 2010 in San Diego, I sat down with the course author and instructor, Lenny Zeltser (pictured), to discuss his background, the course and malware analysis in general.
|
|
Read more...
|
|
|
 As a social engineer, you spend all of your time manipulating people’s brains. Yet most of the social engineers I meet don’t know the difference between the amygdala and the cerebral cortex.
And you need to.
So this article is going to give you a quick trip through the human brain.
The brain isn’t just a single organism – it’s truly a three-part entity known as the triune brain. The idea of the triune brain was first proposed by Paul MacLean. He proposed that the brain that you and your caveman ancestors shared is not a single brain but actually a three part structure. MacLean viewed our brains as similar to "three interconnected biological computers, [each] with its own special intelligence, its own subjectivity, its own sense of time and space and its own memory.” That is, while each of the three brains interacts, each one functions as a separate and somewhat independent unit.
|
|
Read more...
|
|
| | << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
| | Results 1 - 13 of 118 |
|
del.icio.us
(6) 
News Items and General Discussion About EH-Net : [Article]-August 2010 Free Giveaway Winners - CareerAcademy.com
