|
 Tutorial by Mark Nicholls AKA n1p
The intent of this exploit tutorial is to educate the reader on the use and understanding of vulnerabilities and exploit development. This will hopefully enable readers to gain a better understanding of the use of exploitation tools and what goes on underneath to more accurately assess the risk of discovered vulnerabilities in a computer environment. It is important for security consultants and ethical hackers to understand how buffer overflows actually work, as having such knowledge will improve penetration testing capabilities. It will also give you the tools to more accurately assess the risk of vulnerabilities and develop effective countermeasures for exploits doing the rounds in the wild.
With this in, I am going to focus exclusively on the practical skills needed to exploit Structured Exception Handler buffer overflows. I won't go into too much detail regarding the theory of how they work, or how buffer overflows can be discovered. There are many other resources available on this subject, and I encourage you to research this further
Warning! Please note that this tutorial is intended for educational purposes only, and skills gained here should NOT be used to attack any system for which you don't have permission to access. It is illegal.
|
|
Read more...
|
|
|
eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been
 Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to DoD Directive 8570 as well as revamped its courseware in version 6.0, Offensive Security rolled out their version 3.0 of “Pentesting With BackTrack,” and it seems like new training options are coming out almost every day in the field. That being said, I have been lucky enough to receive an advanced copy of the flagship course by eLearnSecurity, Penetration Testing Pro (PTP).
PTP is a three section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester or eCPPT for short. The target audience for the course is security engineers or penetration testers in the 0-3 year experience range. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let’s take a look at each.
|
|
Read more...
|
|
 We Have 5 Winners of OffSec Online Training!
Offensive Security has carved out a place in the pen testing field that is quite rare. They offer not only high quality training but also at some of the lowest price points in the industry. For an insider's look at Pentesting With BackTrack (PWB), check out Ryan Linn's review of PWB and the associated exam, OSCP. But as well know as PWB is becoming, let's not forget they also have 3 other courses. For you wireless pen testers, there's OffSec Wireless Attacks AKA WiFu, for Windows environments there's Advanced Windows Exploitationand (AWE), and for those ready to prove their mettle, OffSec throws down the gauntlet with Cracking the Perimeter (CTP). OffSec continues to support EH-Net and their members by offering not just 1 but 5 courses for top contributors. We have 2 seats in PWB, 2 in WiFu and 1 in CTP.
In alphabetical order, the winners are: BillV, chrisj, j0rDy, unsupported and zeroflaw. I will contact each one of you individually to choose a course that fits best. Congrats, keep up the great work and keep us posted on how your training goes. All EH-Netters love reviews!!
Remember, Offensive Security has released a new version of PWB which is now aligned with BackTrack 4, has new video recordings, updated courseware, new double-sized lab with new OSs, new web app modules and much more. PWB v3.0 is available NOW. Gee... that's just in time for our winners to get it. Funny how that works out. ;-)
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; write an article; spread the word of EH-Net; help a newbie... quality is more important than quantity.
|
|
|
|
Greetings, challenge fans! It’s time (at long last) to announce the WINNERS for our holiday-themed challenge, Miracle on Thirty-Hack Street. I’ve gotta say, we received a huge number of high-quality responses. KJ0 (one of my nicknames for my challenge co-author, Kevin “Frickin’” Johnson) and I felt kinda like we were in the scene from the movie where they dump all the mail on the judge. I apologize for not getting these answers done sooner, but a family medical emergency in January and February consumed much of my attention those months. But, we’re back in action and ready to roll.
Dedicated little elves that we are, Count Kevula and I read every last word of every entry. Actually, we read the first word, too. Oh, and all of the ones in between. (Well, except for one entry, in which we read only every other word. It was kinda confusing, quite honestly. But, since that submission came from Don Donzal, who is ineligible to win, we figured it was OK to skip those words.)
--Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor
|
|
Read more...
|
|
|
 Review by Michael Heinzl AKA awesec
The CEH (Certified Ethical Hacker) certificate is without doubt one of the most heavily discussed security certificates in the english-speaking world, which was one of the reasons why I was curious about it and what challenges I will face with it. As the topics to be covered are very broad based on their published course outline, I was at first skeptical if everything would be covered in enough detail in order to pass the CEH exam successfully.
As questions about CEH pop up every few days, both general ones or in particular about preparation and revision, I hope that this review will help to answer a few of them as well as introduce all of you to EC-Council's own training named iClass. As they describe it:
"iClass is EC Council’s live, online, instructor-led training platform. iClass makes our entire catalog of vendor neutral certifications available to you in multiple schedule formats, dates, and times."
Let's jump right in and take a look.
|
|
Read more...
|
|
|
Review by Chris Jenks
Hacking for Dummies, an introduction to Ethical Hacking, is shallow enough for anyone first stepping into the field, but with tricks, tips and real-world experiences even the veteran penetration tester will find enlightening.
The book is considered to be a good introduction to the world of Ethical Hacking. Like all “for Dummies” books, the subject matter is explained in plain English instead of being filled with jargon and buzz words. That doesn't mean a reader can walk in cold and learn to be an Ethical Hacker (a hacker who is hacking with prior written permission of the owner of the systems). In order to get a deeper understanding, the reader has to have a basic understanding of Networking, System Administration, and Applications. The reader doesn't need to be an expert but really should have a firm grip on the basic concepts.
|
The current version of Hacking for Dummies is divided into 7 parts. If the reader is familiar with the subject the book doesn't need to be read in order and can be used mostly as reference. However, if the reader is new to information security the best approach would be to read it in the order the book is laid out. Each chapter has a tendency to either refer back to something that was covered before, or refers forward to something covered in more detail ahead.
|
|
|
|
Read more...
|
|
We Have Our Winners!
 Syngress Publishing has been a long supporter of the professional hacking segment of the industry. 2010 shows no sign that they are stopping. In their continued support of EH-Net, they have graciously offered up copies of their next 5 releases to not just one lucky winner but 2!! The 2 winning EH-Net members, hayabusa & former33t will each be put on the list of those who automatically receive copies of the new releases immediately upon becoming available. What a great way to increase the volumes in their technical libraries with the latest and greatest tomes from topic areas like Certification, Digital Forensics, Hacking & Penetration Testing and more. Congratulations and thanks to everyone for adding to the ever-growing repository of great professional discussions on ethical hacking.
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
|
 Ryan Linn continues his insider's look at Offensive Security's online training course, 'Pentesting with BackTrack.' In Parts 1 - 4, he presented the reader with details of the training as he did it. Now in this final review (Part 5), he compiles his thoughts on the course in its entirety and then gives you an extended look at the process of preparing and taking the Offensive Security Certified Professional (OSCP) exam. PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."
Visit Ryan Linn's Column Page for Parts 1 - 4 as well as several other contributions to The Ethical Hacker Network and our community of security professionals.
|
|
Read more...
|
|
|
 Review by Jason Haddix
Have you ever seen Man on Fire? If you haven’t and you like watching kick-ass, kick-you-in-the-teeth, relentless, Denzel-Washington-type of-action-flicks… you might want to Netflix that one. Our interview this week is kind of like Denzel in Man on Fire but with less guns and more SQLi strings meticulously crafted to pwn your databases.
Enter Joe (j0e) McCray of LearnSecurityOnline… Joe is a long standing friend of both Security Aegis and The Ethical Hacker Network, and, after wanting to keep the limelight off of himself and his teaching projects, we have finally pestered him enough to agree to sit back and answer a few of our questions about life, liberty, and the pursuit of root.
The great thing about Joe is that he will never make you feel like an idiot, even while he’s managing to teach you cutting-edge stuff. He keeps you engaged in a half comedy, half lecture style teaching format. I have no reason to think that his energy and effectiveness won't continue to shine through in his upcoming new advanced course, Pentesting High Security Environments. Make sure to check out his video at the end of the interview.
|
|
Read more...
|
|
| | << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
| | Results 118 - 130 of 224 |
|
del.icio.us
(13) 
GCIH - GIAC Certified Incident Handler : Passed my GCIH
