We Have a Winner!
What's the first thing to go in a bad economy? Training & travel. With EC-Council sponsoring our Free Monthly Giveaway with one (1) Certified Ethical Hacker seat delivered via its iClass format, both concerns have been taken care of for you. iClass is EC-Council’s live, online, instructor-led training modality! There are two delivery formats:
1. FlexClass: This schedule is designed to spread the learning out over a period of time and avoid missing a full week’s worth of work. The times are 4pm – 8pm, MST twice a week for 5 weeks.
2. iWeek: This schedule is similar to the standard 5 day format found at the majority of training centers. The times are 8am – 4pm MST every day for 5 consecutive days.
The SRP of the course is $2895 and includes the certification voucher, official courseware and shipping! Select your area of interest and join us for our next available iClass to discover all the benefits of EC-Council certification without the added expense of travel. Courses include Security Fundamentals, Ethical Hacking, Penetration Testing, Computer Forensics, Disaster Recovery & Secure Coding.
The deserving winner this month is EH-Net Member, awesec. Congrats and thanks for your efforts.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
Hello! Ed Skoudis here... with a new challenge written by my friend, Raul Siles. You may remember Raul as the victor in such challenges as Lord of the Ring Zero and When Trinity Hacked the IRS D-Base. Raul has whipped up a doozy of a challenge here, all based on the TV show Prison Break. In this challenge, you'll work to thwart the sinister plans of The Company, an ominous, faceless group bent on world domination. To win, you'll have to do some network troubleshooting, plot a clever hack, and perform some file and packet analysis, all skills that are extremely useful for security pros. As always, we'll choose three winners: the best technical one, a creative entry that is also technically correct, and a random draw. Even if you don't know all the answers or can only guess, submit an entry with what you do have, and you'll be entered in that random draw. Winners will receive signed copies of my book, Counter Hack Reloaded. All entries are due by August 31, 2009. Have fun with Raul's challenge!
--Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Fellow
In Part I, Modern Social Engineering - A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.
The entire hour and a half video of the webcast as well as the slide deck are available below.
All of the answers from Brady Bunch Boondoggle, the Skillz H@ck1ng Challenge from February 2009, are revealed as we continue our story with Oliver and Mr. Brady discussing the packet capture of the kids' hacking activity. While pondering who could help them with the analysis of the data, a bright light flashes with a rumble that shakes the house.
Oliver asks "What happened Mr. Brady?"
"I moved the island Oliver. We're 3 months in the future now."
"Oh … OK. Who can we get to help us analyze this wireless packet capture?"
At the backdoor, a voice calls "Did someone say wireless packet capture?"
The Technical Winner, Creative Winner and the Random Winner are all listed at the end of the article.
Review by Zoher Anis, TerpSys
I had the opportunity to attend SANS 2009 in Orlando, once again as a facilitator. This time it was to tackle the toughest course SANS has to offer, SANS SEC709 Developing Exploits for Penetration Testers and Security Researchers, currently their only 700-level course. As described on SANS web site:
"In this course, we bridge the gaps and take a step-by-step look at Linux and Windows operating systems and how exploitation truly works under the hood. This four-day course rapidly progresses through exploitation techniques used to attack stacks, heaps, and other memory segments on Linux and Windows. This is a fast-paced course that provides you with the skills to hit the ground running with vulnerability research."
I would like to begin by saying that the above description is very accurate and should be taken word-for-word. It is a very tough course and very fast-paced. It does require you to know intermediate level x86 assembly programming, basic level C and Python to get the most out of the course. Here’s a quick day-by-day account of my experiences.
We Have A Winner!!
I did offer this to a couple members who were gracious enough to decline, because they wouldn't be able to use the ticket. Thanks again for proving that the EH-Net Community truly is a unique one. That being said, the winner this time around surely isn't a third choice. He absolutely deserves it as his contributions to EH-Net over the past year far outweigh his post count. Thanks to Ryan Linn AKA Apollo as he will be attending Black Hat USA on us, EH-Net.
The world's premier technical event for ICT security experts is being held July 27 - 28, 2009, featuring hands-on training courses and Briefings presentations with lots of new content. Network with thousands of delegates and review products from leading vendors in a relaxed setting, including Sustaining Sponsors Core Security, IOActive, Microsoft, Norman, Qualys and SAINT. At stake is a Passport Admission Ticket worth $1595 ($1995 at the door) that allows entry into the Briefings portion of the event. This year's venue is again Caesars Palace in Las Vegas.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
Review by Ryan Linn, CISSP, MCSE, GPEN
“Gray Hat Python” by Justin Seitz, one of the latest releases from publisher No Starch Press, focuses on using the Python programming language for reverse engineering. This book is subtitled “Python Programming for Hackers and Reverse Engineers” which is fitting as Justin is a member of Immunity Security, makers of the Canvas penetration testing platform and the Immunity Debugger. The foreword by Dave Aitel, Immunity's CEO, is an excellent introduction to why the content of this book is important. It focuses on the short time span that is required from discovery of a bug to exploit, and the necessity for flexible, fast, and collaborative vulnerability discovery and exploit development. Dave does an excellent job in setting the tone for why the information in the book is relevant and what the drive is for these types of tools in the industry.
Download 2 Free Chapters Below
This review is long overdue. My apologies to EH-Net readers, SANS and especially Joshua Wright, developer and instructor of SEC 617 - Wireless Ethical Hacking, Penetration Testing, and Defenses. Its lateness is more due to my inability to comprehend exactly what I experienced than to a lack of desire to complete the task. I honestly sat down at the keyboard multiple times, but each time I felt I wasn’t doing the course or Mr. Wright justice. OK… so like every other SANS course, it had quality courseware, the instructor was top-notch, and I walked away with much more knowledge than when I arrived. So I could simply state the above sentence, report on each and every day of the course offering endless details, recommend it to the masses and be done with my job. But even that felt like empty rhetoric.
As with the review of SANS 560 – Network Pen Testing and Ethical Hacking entitled "Ed Skoudis and the Pen Testing Factory," and many other articles, I felt the writer’s need to have a theme. And it doesn’t have to be a movie, but something that weaves a thread through the words to keep the reader engaged. Just the right connection or idea can make all the difference in the world. And as many do when faced with writer’s block, I let it sit for a while knowing that inspiration would hit me when not looking. But even with pressure and anxiety to produce, it wasn’t coming. Forcing it made for poor results. Suddenly during the minutia of daily life, a bright red spine from one of many bookshelves in my basement caught my eye. I had found my theme.
After more than 10 years in the information security industry and a significant amount of time running a lab that tests products, I’m a pretty difficult guy to impress with technology. And I’m NEVER nice to vendors. They hate me. As an example, when running said test lab, we once had a vendor give a client six-figures worth of software when the client told them that we’d be testing it before they purchased. The client was happy, so we did our jobs even though we never tested a thing.
The only product I have ever had a net positive review of was the Safeboot disk encryption product, and even then, it was a case of being damned with faint praise. I believe that the entire positive part of our assessment was: “the product works as advertised.”
So, when Don approached me to do a review of the IronKey Personal, I knew I was going to rip it apart. I was going to write a scathing review of how terrible their product is and why these “gimmicky” pieces of hardware don’t work. Because they usually don’t.