Ryan Linn continues his insiders look at Offensive Security's online training in Part 3 of this continuing review of 'Pentesting with BackTrack.' As a reminder, PWB is described by Offensive Security as, "An online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

Ryan will wrap things up in Part 4 of this new format of reviewing courses. EH-Net normally completes an entire course before publishing any content in a review article. So far, the Community seems to be enjoying it. Maybe this is yet another new trend that shall continue as we head full steam into 2010.

del.icio.us

Discuss in Forums (11)

We Have Winners!!

As you know, we scored 20 USB Drives from our friends at IronKey and are giving out each and every one of them. All 4GB drives will be awarded to the top EH-Net Forum Contributors. In order to give away 20 devices and still make it so someone deserving wins, we have to break from tradition. This was a great opportunity to reward those who have been top contributors for years as well as those who are just getting their start. So what we've decided is to simply award a 4GB IronKey to the Top 20 Posters in our Forums. Yes that means we have repeat winners, but they deserve it.

Be sure to check out the new IronKey S200, the World's Most Physically and Cryptographically Secure USB Flash Drive!

And the winners are... Negrita, Dengar13, Oyle, ChrisG, Manu Zacharia (-M-), jimbob, blackazarro, slimjim100, dalepearson, BillV, xXxKrisxXx, g00d_4sh, Kev, Andrew Waite, sgt_mjc, awesec, jason, Ketchup, Jhaddix, timmedin. As an extra bonus, I have asked all of the above members to be on our Community Board of Advisors. This is an informal group that I will rely on in matters concerning the growing community we have all created. Each of the winners has devoted a lot of their time and efforts in making this community what it is, and as such they all deserve to have a seat at the table. Sincere thanks to you all.

del.icio.us

Discuss in Forums (42)

Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.

Only members are eligible!
Registration Is FREE!

Hello, challenge fans! This is Raul Siles, author of the “Prison Break - Breaking, Entering and Decoding” EH-Net challenge, here to announce the answers and winners for this tough competition. BTW, the answers for this challenge were released to The Informer subscribers a few days ago. EH-Net had teamed with The Informer; in Johnny Long words, "(It is) a fund raising effort run by Hackers For Charity. It is designed to give subscribers a "backstage pass" to the world of Information Security. For $54 per year, subscribers get early, exclusive access to all sorts of goodies donated by the top names in the INFOSEC world. The industry's most recognized names will post blog entries here before they even post them to their own sites." The EH-Net contribution will be the answers to the Skillz Challenges a few days before they are revealed on EH-Net.

The main goal of this challenge was to improve your pen-testing skills by devising an attack strategy to achieve multiple goals, such as dealing with a VoIP 802.1q (VLAN) scenario, squeeze the Windows and Metasploit meterpreter capabilities to sniff traffic, and decode and analyze HTTPS traffic. You became very creative, with different assumptions and answers, covering a variety of strategies and tools.

del.icio.us

Discuss in Forums (2)

EH-Net Exclusive - Free Download of Chapter 4: Setting Up Your Lab 

Review by Andrew Waite, EH-Net Member, InfoSanity.co.uk

When I first heard about Thomas Wilhelm's new book in my Twitter feed, the title immediately caught my attention, 'Professional Penetration Testing: Creating and Operating a Formal Hacking Lab.' As I'm currently trying to build up my own training and testing environment, this tome promised to provide answers to all my questions. A quick Google search to learn more and a useful discussion right here in the EH-Net Forums left me surprised that the release of the book had managed to slip underneath my radar. So when offered a chance to get my hands on the material and provide a review for those that had similarly managed to miss the release, I jumped at the chance.

The unique selling point of this resource over potential alternatives if best highlighted by the author's own foreword, “This book is a divergence from most books as it discusses professional penetration testing from conception to completion. Rather than focusing solely on information system vulnerability identification and exploitation, by the end of this book we will have examined all aspects of a professional penetration test, including project management, organizational structures, team building, career development, metrics, reporting, test-data archival methods, risk management, and training...in addition to... information gathering, vulnerability identification, vulnerability exploitation, privilege escalation, maintaining access, and covering our tracks.”

del.icio.us

Discuss in Forums (19)

A new version of the Browser Exploitation Framework (BeEF) has been released. This new release incorporates both my code from my Security B-Sides update of the ChicagoCon Talk "Cain Beef Hash: Snagging Hashes without Popping Boxes" as well as RSnake and Jabra's modules presented at Defcon. Enclosed in this update are some videos describing how to use the modules that I created which allow for realtime interaction with Metasploit. These modules directly communicate with Metasploit to setup the modules which will be used in further browser exploitation. These videos demonstrate how to use the Samurai WTF distribution's initial setup of BeEF, and to upgrade it to the latest version. Once you are upgraded to the latest version, there are 2 more videos, one to utilize the integration to do "point and click" browser autopwn from a browser hooked via XSS. The other example demonstrates how to leverage a domain's "Local Intranet" policy to capture NTLM/LM Challenge credentials with a static challenge, which can then be turned into usable credentials. The Metasploit code required for this to work is in the 3.3 dev trunk and was added in August after Defcon, so you may need to pull out of the dev trunk to have all of the pieces you need.

Wade Alcorn is the author and maintainer of BeEF and was a great help in getting these added. If you haven't checked out BeEF before watching these videos, hopefully you will check it out now. If you have more great ideas for ways to extend and contribute to the framework please do so. I also appreciate H D Moore's help in getting the Metasploit code to make all of this work seamlessly into the Metasploit trunk. You can find some additional videos of RSnake and Jabra's content on Vimeo.

del.icio.us

Discuss in Forums (4)

Ryan Linn is back with Part 2 of his review of PWB. It's shaping up to be a four-part series of weekly insights as he progresses through the course with a final compilation review to follow. This is a new format for us at EH-Net, so please let us know in the forums what you think as we experiment.

As a reminder, PWB is described by Offensive Security as, "'Pentesting with BackTrack' (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

del.icio.us

Discuss in Forums (11)

Review by Jason Haddix

If anyone hasn't seen or used The Academy Pro, then you're missing out on an incredibly valuable resource. Peter Giannoulis and friends have put together 400+ videos on setting up and using optimally all our *favorite* security technologies. Need to set up IronPort? They have a video. GFI Languard? They have a video, too. Need pentest tool tips? They have over 70 different VA/Pentest video tutorials. Heck, they have our Security Aegis videos.

Last month, Peter started the buzz on a new training class he will be offering. It’s called eLearnSecurity. So far we know it has about 2000 slides of theory and practical application, plus 5 hours of unreleased video. The class promises to be affordable and have some awesome labs.

del.icio.us

Discuss in Forums (20)

I have had the opportunity to enroll in the "Pentesting With BackTrack" course from Offensive Security. Over the next 30 days, I will be posting an update a week with my thoughts on the content that I have worked through in the previous week, along with experiences with labs, support, and also personal revelations. At the end, I am going to give a more objective report on the entire class, listing what I see as strengths, weaknesses, as well as benefits and deficits compared to other classes I've taken. So follow along, as I go from the period before the class starts, all the way through the exam.

The course is described by Offensive Security as, "'Pentesting with BackTrack' (previously known as Offensive Security 101) is an online course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. This penetration testing course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students. This course gives a solid understanding of the penetration testing process, and is equally important for those wanting to either defend or attack their network. The course can be taken from your home, as long as you have a modern computer with high speed internet."

del.icio.us

Discuss in Forums (7)