We Have Winners!!
On March 21, 2012 eLearnSecurity released a drastically improved version of the course materials for their professional-level training course, Penetration Testing Course Professional. PTP2 now looks far more sophisticated, polished and advanced than before, with 4 hours of new up-to-date videos, 800 new slides and completely new modules. PTP2 aims at becoming the most hands-on training course on penetration testing with extremely in-depth course material and two different and highly advanced Virtual Labs integrated within the course itself: Coliseum for web application security and the newly announced Hera Lab. The Professional training course leads to the highly practical eCPPT Certification that certifies penetration testers for both testing and reporting skills. The prize this month is 2 seats worth $799 each of the Penetration Testing Course Professional v2 including:
• Hera Virtual Lab access for 30 hours for each
• Coliseum Lab 30 days access for each
• 1 eCPPT exam voucher for each
As always on EH-Net, top contributors are the ones considered for the prize. This month the 2 deserving EH-Net members are ziggy_567 & chrisj. Congratulations to this month's winners! Don't fret if you didn't win. New prizes given away each and every month. And don't forget to check out the Review of PTP2 by Andrew Johnson.
Win 1 Free Training Seat at iSWAT 2012 Worth $3995!!
Our friends at FishNet Security are putting on an all-inclusive security event this September 17 - 21 in Vegas with a focus on your infosec career. Not only will there be plenty of activities like all conferences have, but iSWAT will also include a huge number of training courses with certification exams given on the spot. Expert instructors from FishNet Training Services will be conducting courses from well-known organizations such as 7Safe, BlueCoat, CheckPoint, ISC2 (CISSP), CompTIA, F5, EC-Council, Juniper, McAfee, Palo Alto & Websense. FishNet invites you to become an information technology security Warrior by training side-by-side with seasoned elite security leaders in the 2012 Information Security Warrior Authorized Training (iSWAT) event. During this training event, you will gain tactical insights and strategies to conquer your career and corporate goals with:
• Nationally recognized elite instructors offering multi-vendor training programs
• Network with industry leaders
• Onsite certification testing
• Reduced costs with a single training event
So what's in it for you? Not just a ticket to another security conference, but this month's chosen winner gets a full seat in the training course of their choice... and there are plenty from which to choose. To see a list of what you might win, see the iSWAT List of Training Courses. Past participation is also taken into consideration when deciding on a winner, so if you're top on the list of posts but haven't contributed in a while, now is your chance to get back in the game. Don't fret, new EH-Netters also get consideration. You never know what contribution might take off, so get to it, and you could be in Vegas putting your career into high gear. Even if you don't win this prize, you still win. Be sure to use Coupon Code “Warrior” to Save $600!
Review by Andrew Johnson CISSP, GPEN, eCPPT, OSWP et al
It’s rare for an organization to quickly rise to prominence through the release of a new training course, but that’s exactly what eLearnSecurity did with the first release of their Penetration Testing Professional course back in 2010. This upstart company is based in Pisa, Italy with a location in the USA in Colorado as well, but the beauty is that their training is entirely online, so clearly travel is not required. This review covers the second release of Penetration Testing Professional (affectionately known as PTP2), which most notably contains expanded content and new lab environments.
The course is delivered through a web-based Flash interface. The presentation will be familiar to anyone who has experience with the first iteration of the course, but at the same time the overall feel is cleaner and more polished. A colleague was recently considering web app training, and he was torn between a book and this course. He stated something along the lines of, “My brain is telling me to be economical and just get a book, but my eyes are telling me to go with eLearnSecurity!” That statement sums up the visual experience perfectly.
Continue reading to see if they managed to carry that momentum into the rest of the new version of this course.
By Chris Hadnagy
For the past few months, I’ve brought you articles on launching your career as a social engineer, the psychology and history behind hacking humans and even some scams you can pull on your clients for their own good. As wonderful as it is to talk about the methods, the tricks and the sexy stories of social engineering pwnage, we need to take a step back and discuss the business end of this spectrum.
Yes, I said it… business side. After all, most of us reading this article either are in IT/Security or want to be. So how can one sell SE penetration tests? How can you scope it? Price it? And what do you give the client at the end of the engagement? All of these are good questions for budding professional social engineers, and thus the topic of this month’s column, the process of selling and delivering a social engineering penetration test.
Review by J. Oquendo
“Metasploit – The Penetration Tester's Guide” by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit. Let’s take an in-depth look into this stellar publication by No Starch Press.
Initially I skipped through the first chapter of the book, “The Absolute Basics of Penetration Testing.” However, I went back to the chapter as I had already been in and out of reading the methodologies laid out by the Penetration Testing Execution Standard (PTES). This chapter actually made sense after the fact, since my approach was that of the technical one: Show me the meat of this book. Not everyone who uses Metasploit (and other tools like it) has a concise understanding of penetration testing, and many will assume that aiming Metasploit at an address constitutes a penetration test. The chapter is clear, summarized and offers much food for thought outside of Metasploit and into the realm of penetration testing.
After the break, look for a link to a free download of Chapter 8: "Exploitation Using Client-Side Attacks"
We Have a Winner!!
Recently, EH-Net published an interview with CompTIA's Product Manager of CASP, where we wondered if this was The Evolution of Technical Security Certifications? Since then, this new credential has been officially released. Here's your chance to get in early as this month's sponsor writes:
" Be one of the first to earn this new CompTIA advanced-level security certification. With Training Camp, you will receive CompTIA authorized courseware and expert instruction while learning to conceptualize, design, and engineer secure solutions across complex environments. Our course is designed to provide the maximum amount of material over the shortest period of time, enabling students to walk away certified in a matter of only 5 days."
And for this month only, Training Camp is offering a free seat in any CASP course to one lucky member of EH-Net! And the deserving winner this month is El33tsamurai. Congrats!! You too can stay ahead of the curve with Training Camp’s CASP Certification Course and meet the growing demand for advanced IT security in the enterprise today.
Review by Tristan Lawson, CISSP, MCSE: Security, GCIH, OSCP et al
Michal Zalewski, author of 2005’s highly praised Silence on the Wire, is at it again with "The Tangled Web: A Guide to Securing Modern Web Applications," an incredible and highly technical book published by No Starch Press. Since the browser is the portal of choice for so many users, its inherent security flaws leave the user at a significant risk. This book details the issues surrounding insecure web browsers and what developers can do to mitigate those risks.
Mr. Zalewski writes about modern web applications which are built within a tangled mess of technologies, developed over time and then slapped together into a confusing monstrosity. This in turn leads to inconsistent operation with all kinds of vulnerabilities at several levels. The author goes into great detail taking apart every level of web applications from HTTP communication to browser and server-side scripts and dissects the subtle security consequences and the corresponding dangers of the unorganized conglomeration of web applications and browser code. The author then goes into how developers can work through the current problems and solve them down the road through new and revised code.
This book begins with the observation that the field of information security seems to be a mature and well-defined discipline, but in reality there is not even a rudimentary framework for understanding and assessing the security of modern software. So let’s dive deeper into the book to see how Mr. Zalewski addresses the issues in an attempt to untangle this mess.
After the break, look for a link to a free download of Chapter 3: "Hypertext Transfer Protocol"
By Chris Hadnagy
As a professional social engineer, it is beneficial to study the methods of scamming that the bad guys have used in the past, compare them to modern tactics and see what can be learned. Experts have agreed that the motivation for most scams is greed. Although that is true, it is also found that fame, attention or just the need to maliciously hurt and steal from others are strong motivators for scamming people. This month, let’s analyze some old scams, compare them to a modern-day equivalent and see what we can learn as Social Engineering Pentesters.
Although scams have been around since the dawn of man, this one from 1812 is notable. A Philadelphia man named Charles Redheffer claimed that he invented a perpetual motion machine, a theoretical device that, after only one initial input of power, will perpetually continue to generate energy. Even though such a machine would break the laws of thermodynamics, his claim was supposedly backed up by an actual working device. His next desire was to secure government funding to "build a larger version". He actually got the money and built a new machine, but he then fled the city when inspectors found that he had hidden the real power source. Undeterred, he tried the same scam in New York City but was again caught when the inspectors removed a wall of the machine to reveal an old man eating a sandwich and turning a crank. This machine can still be seen today in the Franklin Institute of Philadelphia. In analyzing this scam we can see some basic principles at play here.
We Have a Winner!!
Hopefully most of you not only have the technical side of your brain in your plans, but also the management skills that are more and more expected of us geeks as we advance in our careers. Enter Global Knowledge and their dedication in helping to support your pursuit of IT security knowledge building. Global Knowledge offers one lucky EH-Net member the CISSP Prep Course (terms & conditions) worth $2895! This course includes all the tools you need to prepare for the updated (ISC)2 Certified Information Systems Security Professional exam. Prepare with confidence with this course and these exciting tools:
• Custom study guide containing summary charts, insightful data, and practice exams
• A free copy of McGraw-Hill's CISSP Certification All-in-One Exam Guide, 5th Edition
• CISSP Exam Cram Sheet
• CISSP certification practice exam
To make it even better, Global Knowledge has several ways in which to deliver this course whether it be in-person or online. That kind of flexibility gives this month's winner, TheXero, options when it comes to both budget and travel. Congrats and keep us posted as to your progress. But the prizes don't stop just because a winner has been chosen. Another great prize is up for grabs. So go hit the EH-Net Community Forums and you could be one of the many winners of high cost, high quality prizes offered each and every month.