We Have Winners!

Wayne Burke, pen tester, instructor and CSO of Sequrit CSi along with the cooperation of EC-Council CAST, has put together the largest prize yet to be offered to EH-Net's top contributors for our Free Monthly Giveaways. Not only has he offered up a seat in Sequrit's 3-day security course, Digital Mobile Forensics Deep Dive, but also seats in 2 other 3-day courses being offered during the 4-day CAST Summit in Bethesda, MD from August 22 - 24.

"Digital Mobile Forensics Deep Dive: This three-day highly advanced and technical course provides students with the knowledge and real world hands-on practical skills for performing Mobile Forensic Investigations. The course is based on vendor neutral Digital Forensic principals, with focus on Apple OS, Google Android, RIM Blackberry and an array of other mobile devices and operating systems.

Attendees get to choose from a suite of workshops which are highly technical and advanced, covering current and important security topics such as penetration testing (Joe McCray), mobile forensics (Wayne Burke), cryptography (Chuck Statton), network defense (Kevin Cardwell), and application security (Tim Pierson). The event concludes with a one-day security training seminar that will have a few mini-lectures, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference."

The 3 winners this month are H1t M0nk3y, mubix and vijay2. Congrats and be sure to report back on the courses, workshops and the event as a whole. Thanks to all. 

del.icio.us Discuss in Forums (10) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!

By Raphael Mudge, Armitage Creator

Armitage is a front-end for Metasploit that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You'll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you'll do this in a team environment.

These lectures were initially created for the Austin, TX ISSA and OWASP half-day Metasploit training event in June. Elated after several tex-mex meals, Raphael recorded these lectures for us. If you're new to penetration testing and want to understand Metasploit and Armitage, these lectures are for you. Also, be sure to read Hacking Linux with Armitage from February 2011. Enjoy the training!

del.icio.us

Discuss in Forums (15)

Review by J. Oquendo AKA sil

"Practical Packet Analysis: Using Wireshark to Solve Real World Problems" is a decent book for readers who are relatively new to networking. It makes a great addition for someone in the one-to-three year range of their career. Whether this career is security-centric, network administration, or simply as a hobbyist, Chris Sanders made great work of keeping things simple yet informative for his readers. While this is a plus for the entry person, it is also its minus for the seasoned pro.

The beginning of the book gives an overview of the OSI layer, which I have found many in the IT industry skimp on. Whether you are in networking, systems, programming or the security arena, understanding the interconnections of protocols and how they operate with one another across the layers should be the first and foremost knowledge one should memorize. Because Chris took the time and brought this out at the forefront, it will be beneficial to the reader, which once again I feel would be a junior administrator. Let’s get into some more details after the break.

del.icio.us

Discuss in Forums (8)

We Have a Winner!

If you've ever done martial arts and experienced learning in a dojo, then you're familiar with a teaching style that has succeeded for centuries. Thomas Wilhelm, author, instructor, speaker, professional penetration tester & all-around kewl guy, brings this concept to the security industry:

"The Hacking Dojo provides students with a long-term training and support system, with readily-available access to instructors. Students attend regularly-scheduled online meetings with their instructor, who teaches hacking concepts relative to students' skill level. When the students demonstrate proficiency in a set of skills, they are moved onto more difficult challenges and instruction."

Up for grabs this month was a full year of training in the dojo with one of the industry's most respected names. But to win the prize, all someone had to do was become an EH-Net member & give back to the community in our discussion forums. About a year ago, a new member named MaXe joined us on EH-Net. And now he's the member with the most posts who has yet to win. So with that, and his amazing jedi mind tricks, he is the winner this month. Congrats.

del.icio.us Discuss in Forums (15) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!

Review by Tony L Turner CISSP, CISA, GIACx4, OPSE, VCP, ITIL-F

The Hacker Academy (THA), with their online ethical hacking curriculum, fulfills an integral training need for security professionals. There are many training programs available today that teach tools and techniques for hacking. Some are better than others or suited to slightly different specializations such as web, network or wireless pen testing, but most of them are presenting very similar content. The problem is that most of these programs offer static content. By that I mean that the material does not change frequently, and the student is forced to find ways to stay current on new techniques. I think most of us would agree that it is a requirement in this field, but it can be very expensive and time consuming constantly going to conferences, trying to sift through Twitter or the hundreds of blogs for that useful tidbit. THA seeks to address that very problem with constant updates to the content by adding modules at an alarming rate. The cost is very reasonable at $95/month or $995/year with no contract required.

The format of the course includes web-based videos of the content, a lab component for each module, additional reading from external sources, comments sections for the module to interact with other students and instructors, and virtual machines for the attack platform using Backtrack 4 and various target VMs.  Instructors are real-world professionals such as EH-Net columnist Mike Murray, Mike Bailey, Daniel Frye and Jeremy Conway. THA’s Online Curriculum consists of two primary sections, Ethical Hacking and The Cutting Edge.

del.icio.us

Discuss in Forums (8)

Review by Dan Kennedy 

Over the past few years there has been a fairly steady increase in the amount of penetration testing classes available both in an online format as well as the classroom.  Thomas Wilhelm is no stranger to the infosec community as he has written several books within the past few years in contribution such as “Professional Penetration Testing: Creating a Formal Hacking Lab” and “Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques” as well as the initial offering into the certification realm with Heorot.net.  He also has extensive experience within the information security field having worked in a penetration testing role as well as many others.  Enter Hackingdojo.com.

Tom's intent with the Hacking Dojo class platform was to follow a traditional form of learning martial arts, take material covered with his already present Heorot.net certification programs, and mold it into a virtual environment.  He does so in a way that information sharing and direct cooperation between students and instructor(s) could take place, rather than Heorot.net's “learn on your own” style of learning.

del.icio.us

Discuss in Forums (10)

We Have a Winner!!

Every year, we seem to have to rush to make arrangements for the winner of the annual Black Hat USA ticket. Not this year. EH-Net has chosen lorddicranius to be the winner this month of the Conference pass for the BlackHat Briefings (Aug 3 - 4) worth at least $2095. This year's event is described as, "The Black Hat Briefings have become the biggest and the most important security conference series in the world by remaining true to our core value: serving the information security community by delivering timely, actionable security information in a friendly, vendor-neutral environment." Or in plain words, it is THE event of the year for security professionals. With smart attendees, numerous sponsored parties, networking events, top training, expert presentations and DefCon starting the very next day, you'll have an unforgettable experience.

The event takes place in its normal location, Caesars Palace in Las Vegas, NV, with training from July 30 - August 2 followed by the Briefings on August 3 - August 4. Congratulations, and we'll see the rest of you in Vegas Baby!!

del.icio.us Discuss in Forums (15) Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity. Only members are eligible! Registration Is FREE!

by Jason Haddix

Don’t have the cash for a $2000 - 3000 penetration testing course? Don’t know which tools are outdated or relevant? Lost in the sea of Backtrack options? You learn better on your own anyway?

No problem!

BackTrack 4: Assuring Security by Penetration Testing (BASPT), authored by Shakeel Ali and Tedi Heriyanto, is a 12-chapter compendium on everyone’s favorite hacking distribution, Backtrack 4. Filling the need for a refresher to older titles on abandoned projects like Knoppix or Auditor (see somewhat outdated: Penetration Tester’s  Open Source Toolkit, Vol. 2), BASPT gives syntax and usage tips on a plethora of different tools included in the suite and is broken down into the generic pentesting methodology with which most people today are familiar. Not only that, but also the book itself reads like some of those intro to penetration testing classes we have all been to costing many more times the cost of a single book.

Intrigued? Let’s take a closer look.

del.icio.us

Discuss in Forums (11)