By Chris Hadnagy
For the past few months, I’ve brought you articles on launching your career as a social engineer, the psychology and history behind hacking humans and even some scams you can pull on your clients for their own good. As wonderful as it is to talk about the methods, the tricks and the sexy stories of social engineering pwnage, we need to take a step back and discuss the business end of this spectrum.
Yes, I said it… business side. After all, most of us reading this article either are in IT/Security or want to be. So how can one sell SE penetration tests? How can you scope it? Price it? And what do you give the client at the end of the engagement? All of these are good questions for budding professional social engineers, and thus the topic of this month’s column, the process of selling and delivering a social engineering penetration test.
Review by J. Oquendo
“Metasploit – The Penetration Tester's Guide” by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit. Let’s take an in-depth look into this stellar publication by No Starch Press.
Initially I skipped through the first chapter of the book, “The Absolute Basics of Penetration Testing.” However, I went back to the chapter as I had already been in and out of reading the methodologies laid out by the Penetration Testing Execution Standard (PTES). This chapter actually made sense after the fact, since my approach was that of the technical one: Show me the meat of this book. Not everyone who uses Metasploit (and other tools like it) has a concise understanding of penetration testing, and many will assume that aiming Metasploit at an address constitutes a penetration test. The chapter is clear, summarized and offers much food for thought outside of Metasploit and into the realm of penetration testing.
After the break, look for a link to a free download of Chapter 8: "Exploitation Using Client-Side Attacks"
We Have a Winner!!
Recently, EH-Net published an interview with CompTIA's Product Manager of CASP, where we wondered if this was The Evolution of Technical Security Certifications? Since then, this new credential has been officially released. Here's your chance to get in early as this month's sponsor writes:
"Be one of the first to earn this new CompTIA advanced-level security certification. With Training Camp, you will receive CompTIA authorized courseware and expert instruction while learning to conceptualize, design, and engineer secure solutions across complex environments. Our course is designed to provide the maximum amount of material over the shortest period of time, enabling students to walk away certified in a matter of only 5 days."
And for this month only, Training Camp is offering a free seat in any CASP course to one lucky member of EH-Net! And the deserving winner this month is El33tsamurai. Congrats!! You too can stay ahead of the curve with Training Camp’s CASP Certification Course and meet the growing demand for advanced IT security in the enterprise today.
Review by Tristan Lawson, CISSP, MCSE: Security, GCIH, OSCP et al
Michal Zalewski, author of 2005’s highly praised Silence on the Wire, is at it again with "The Tangled Web: A Guide to Securing Modern Web Applications," an incredible and highly technical book published by No Starch Press. Since the browser is the portal of choice for so many users, its inherent security flaws leave the user at a significant risk. This book details the issues surrounding insecure web browsers and what developers can do to mitigate those risks.
Mr. Zalewski writes about modern web applications which are built within a tangled mess of technologies, developed over time and then slapped together into a confusing monstrosity. This in turn leads to inconsistent operation with all kinds of vulnerabilities at several levels. The author goes into great detail taking apart every level of web applications from HTTP communication to browser and server-side scripts and dissects the subtle security consequences and the corresponding dangers of the unorganized conglomeration of web applications and browser code. The author then goes into how developers can work through the current problems and solve them down the road through new and revised code.
This book begins with the observation that the field of information security seems to be a mature and well-defined discipline, but in reality there is not even a rudimentary framework for understanding and assessing the security of modern software. So let’s dive deeper into the book to see how Mr. Zalewski addresses the issues in an attempt to untangle this mess.
After the break, look for a link to a free download of Chapter 3: "Hypertext Transfer Protocol"
By Chris Hadnagy
As a professional social engineer, it is beneficial to study the methods of scamming that the bad guys have used in the past, compare them to modern tactics and see what can be learned. Experts have agreed that the motivation for most scams is greed. Although that is true, it is also found that fame, attention or just the need to maliciously hurt and steal from others are strong motivators for scamming people. This month, let’s analyze some old scams, compare them to a modern-day equivalent and see what we can learn as Social Engineering Pentesters.
Although scams have been around since the dawn of man, this one from 1812 is notable. A Philadelphia man named Charles Redheffer claimed that he had invented a perpetual motion machine, a theoretical device that, after only one initial input of power, will perpetually continue to generate energy. Even though such a machine would break the laws of thermodynamics, his claim was supposedly backed up by an actual working device. His next desire was to secure government funding to "build a larger version". He actually got the money and built a new machine, but he then fled the city when inspectors found that he had hidden the real power source. Undeterred, he tried the same scam in New York City but was again caught when the inspectors removed a wall of the machine to reveal an old man eating a sandwich and turning a crank. This machine can still be seen today in the Franklin Institute of Philadelphia. In analyzing this scam we can see some basic principles at play.
We Have a Winner!!
Hopefully most of you not only have the technical side of your brain in your plans, but also the management skills that are more and more expected of us geeks as we advance in our careers. Enter Global Knowledge and their dedication in helping to support your pursuit of IT security knowledge building. Global Knowledge offers one lucky EH-Net member the CISSP Prep Course (terms & conditions) worth $2895! This course includes all the tools you need to prepare for the updated (ISC)2 Certified Information Systems Security Professional exam. Prepare with confidence with this course and these exciting tools:
• Custom study guide containing summary charts, insightful data, and practice exams
• A free copy of McGraw-Hill's CISSP Certification All-in-One Exam Guide, 5th Edition
• CISSP Exam Cram Sheet
• CISSP certification practice exam
To make it even better, Global Knowledge has several ways in which to deliver this course whether it be in-person or online. That kind of flexibility gives this month's winner, TheXero, options when it comes to both budget and travel. Congrats and keep us posted as to your progress. But the prizes don't stop just because a winner has been chosen. Another great prize is up for grabs. So go hit the EH-Net Community Forums and you could be one of the many winners of high cost, high quality prizes offered each and every month.
By Jason Andress
A commonly posed question, particularly among people looking to get into the information security field, is “how do I get into information security?” This is an excellent question, and one we can find answered in a variety of ways, although, perhaps, it is not really the right question to ask. A better question might be “what do I need to do to build myself into an information security professional?” The distinction between the two questions is narrow, but definitely present.
We might think of this as the difference between looking for a job and looking for a career. Career information security professionals are some of the most passionate, dedicated, and engaged people in all of the technology industry. We will often find such focused people burning the midnight oil on security research, projects, and conference presentations, not necessarily because they are being paid to do so, but because they have a burning interest in doing so.
So, that being said, let’s talk about how we build information security professionals.
Chris Hadnagy
Social Engineering is a complex beast. It is not simply lying or telling someone a deceitful story to get them to give over their passwords. Social Engineering (SE) is defined, well at least by me, as any act that influences a person to take an action that may or may not be against their best interest. With that definition in mind there are many different principles that influence SE and the skills needed both physically and psychologically.
The concept behind this column is to provide the tools, techniques and direction to the readers that would like to either incorporate more SE into their current work or to become a full-time social engineer. I would like to take this month’s article to talk about at least one of the psychological principles involved in SE that should be considered foundational and required. It makes a huge difference in your ability to be successful.
With the changing landscape of warfare away from nation-states only utilizing conventional means to the addition of mobile rogue outfits utilizing cyber-attacks, not only countries but also organizations of all shapes and sizes now need to concern themselves with a new threat. Slowly but surely, the real vulnerability to the power grid is starting to grab the attention of both the public and private sectors. Along with that comes more media attention and in turn pressure to make sure these systems don’t come crashing down, affecting hundreds of millions of citizens dependent on today’s modern conveniences.
With the need to secure such systems also comes the need for expertise and education. Enter Justin Searle, Managing Partner at UtiliSec. UtiliSec provides security consulting services to utilities and vendors in the energy sector. Some of the services offered include security assessments, guidance on regulatory issues like the NERC CIPs, participation in standards work and security training services. So who better to interview in order to shine a light on some of the many aspects of this burgeoning field of security? Here are several questions to get us all up to speed.