We Have Winners!!

With the economy still in the dumps, those travel budgets never seem to get funded. Add to that inflation and the price of gas, and getting to those instructor-led courses seems more difficult every day. Good thing companies like CareerAcademy.com are utilizing technology to get you the training you need AND access to mentors without ever having to leave your chair. Career Academy's exclusive LearningZone live mentor program offers help whenever you need it. Why wait for email support? Chat Live with their Certified Instructors anytime around the clock (24x7). In addition to 6 months of access to LearningZone, 3 EH-Net members, Disneycrack, WCNA, lorddicranius, were chosen to receive one of the following three video-based training courses each valued at $695:

- CISA Training with Kenneth Mayer
- CISSP Training with Shon Harris
- Advanced VMware Security Training with Tim Pierson & Duane Anderson

Thanks as always to CareerAcademy.com for continuing to support EH-Net. Continued thanks go to all EH-Netters out there in the intertubes, especially those that make it all the way out to Iraq. Your service is appreciated beyond words.

Discuss in Forums (9) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!

As most of you know, I do not have a college degree. I’m not alone… Bill Gates, Mark Zuckerberg, Richard Branson and countless others have had great success without this particular piece of paper. A common question in The Ethical Hacker Network Community Forums is if someone should get a degree, gain experience or achieve certifications to which I quickly respond by saying, “Yes!” All make for a better resume. Unfortunately, I only have 2 out of 3. In addition to sounding hypocritical, there are plenty of other reasons why I get that nagging feeling that I should get my degree: what if this online magazine thing goes caput, what if I ever want to teach, or, the most pressing item at this point in my life, am I setting a good example for my kids? But even if I do want to pursue a degree, how do I find the time? An undergrad degree is no longer good enough, and that adds even more time and effort to reach for a masters. So as always, I’ll put it on the back burner and let those voices continue in my head…

“You’ve got to kill yourself, Don, before it’s too late.”
“Why are you doing this to me?”
“I’m cursed to walk the Earth as the undead until the bloodline is severed. You have to get a degree, Don, or you’ll make others like me.”

This American hacker recently had the opportunity to travel to the UK to attend the launch of the latest update (version 5) of the Certified Security Testing Associate (CSTA) ethical hacking certification course by 7Safe. When looking at their website, every page of every course shows the MSc logo and the credits to be earned towards a Master’s Degree in Computer Security & Forensics… that nagging corpse of an idea kept reappearing telling me, “Don… get your degree or people will die!” OK, so I’m not a werewolf from the classic horror film that inspired Thriller, and I’m not spawning a group of undead. It just seems as though every time someone asks me about a college degree, I feel like a new undead idea roams the netherworld of my brain. Will I forever be cursed with these visions?

So what’s the deal with this course, the certification and why should I consider this one over what seems to be a never ending choice of new security training providers? How does it compare with similar courses in areas of content, price, availability and acceptance in the industry? And what’s all the talk of college degrees? Get all the details after the break.

Discuss in Forums (4)

Review by John R. Luko, Security+, CCENT, CEH

A few weeks ago I saw an ad for Thor's Microsoft Security Bible: A Collection of Practical Security Techniques (TMSB) by Timothy "Thor" Mullen and thought, “Hey that sounds like it could be useful.”  I work for a Managed Services Provider (MSP) that supports tons of Microsoft servers, so any extra knowledge can always come in handy.  Originally, I thought it might be over my head.  I held off on buying it, until I found some reviews.  Fortunately (or unfortunately depending on how you look at it) TMSB came out and no reviews have been found.  I decided to go on Amazon and read the first chapter for free to see if it was something I could handle.  After reading the intro and half of chapter one, I was hooked.

Before I get to the review and some thoughts, I thought I’d offer a couple quick hints.  The first hint is to buy the hard copy.  Online retailers are selling the electronic version for the same price as the hard copy, and there is media that comes with the book.  Therefore, getting the hard copy gets you both for the same price.  Second, having read through the book, I’d suggest having the following intermediate level skills:  C#, T-SQL, and Server 2008 experience.  On with the review!

Discuss in Forums (1)

The entire hour and a half video
of the webcast is now available.

HD Moore Personally Offers Sneak Preview of the New Metasploit  

In the video of this EH-Net exclusive webinar, HD Moore gives a technical sneak peek of the next version of Metasploit Pro before it is available for download. The webinar includes a live demo of a Metasploit Pro pre-release version. This webinar will focus on new penetration testing features in the new version, including improvements of existing features and completely new functionality. The webinar will focus on the commercial edition Metasploit Pro, Rapid7’s flagship product for penetration testing and vulnerability verification, but also include information on improvements in the free, open source Metasploit Framework.

HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Discuss in Forums (1)

We Have Winners!

Wayne Burke, pen tester, instructor and CSO of Sequrit CSi along with the cooperation of EC-Council CAST, has put together the largest prize yet to be offered to EH-Net's top contributors for our Free Monthly Giveaways. Not only has he offered up a seat in Sequrit's 3-day security course, Digital Mobile Forensics Deep Dive, but also seats in 2 other 3-day courses being offered during the 4-day CAST Summit in Bethesda, MD from August 22 - 24.

"Digital Mobile Forensics Deep Dive: This three-day highly advanced and technical course provides students with the knowledge and real world hands-on practical skills for performing Mobile Forensic Investigations. The course is based on vendor neutral Digital Forensic principals, with focus on Apple OS, Google Android, RIM Blackberry and an array of other mobile devices and operating systems.

Attendees get to choose from a suite of workshops which are highly technical and advanced, covering current and important security topics such as penetration testing (Joe McCray), mobile forensics (Wayne Burke), cryptography (Chuck Statton), network defense (Kevin Cardwell), and application security (Tim Pierson). The event concludes with a one-day security training seminar that will have a few mini-lectures, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference."

The 3 winners this month are H1t M0nk3y, mubix and vijay2. Congrats and be sure to report back on the courses, workshops and the event as a whole. Thanks to all. 

del.icio.us Discuss in Forums (10) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!

By Raphael Mudge, Armitage Creator

Armitage is a front-end for Metasploit that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You'll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you'll do this in a team environment.

These lectures were initially created for the Austin, TX ISSA and OWASP half-day Metasploit training event in June. Elated after several tex-mex meals, Raphael recorded these lectures for us. If you're new to penetration testing and want to understand Metasploit and Armitage, these lectures are for you. Also, be sure to read Hacking Linux with Armitage from February 2011. Enjoy the training!

del.icio.us

Discuss in Forums (14)

Review by J. Oquendo AKA sil

"Practical Packet Analysis: Using Wireshark to Solve Real World Problems" is a decent book for readers who are relatively new to networking. It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers. While this is a plus for the entry person, it is also its minus for the seasoned pro.

The beginning of the book gives an overview of the OSI layer, which I have found many in the IT industry skimp on. Whether you are in networking, systems, programming or the security arena, understanding the interconnections of protocols and how they operate with one another across the layers should be the first and foremost knowledge one should memorize. Because Chris took the time and brought this out at the forefront, it will be beneficial to the reader, which once again I feel would be a junior administrator. Let’s get into some more details after the break.

del.icio.us

Discuss in Forums (8)

We Have a Winner!

If you've ever done martial arts and experienced learning in a dojo, then you're familiar with a teaching style that has succeeded for centuries. Thomas Wilhelm, author, instructor, speaker, professional penetration tester & all-around kewl guy, brings this concept to the security industry:

"The Hacking Dojo provides students with a long-term training and support system, with readily-available access to instructors. Students attend regularly-scheduled online meetings with their instructor, who teaches hacking concepts relative to students' skill level. When the students demonstrate proficiency in a set of skills, they are moved onto more difficult challenges and instruction."

Up for grabs this month was a full year of training in the dojo with one of the industry's most respected names. But to win the prize, all someone had to do was become an EH-Net member & give back to the community in our discussion forums. About a year ago, a new member named MaXe joined us on EH-Net. And now he's the member with the most posts who has yet to win. So with that, and his amazing jedi mind tricks, he is the winner this month. Congrats.

del.icio.us Discuss in Forums (15) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!