|
 By Jamy Klein, MSIA, CISSP
According to Panda Labs over 25 million new pieces of malware were released into the wild in 2009. 2010 is expected to be even worse. In addition to sheer volume, malware is becoming more sophisticated and targeted as a result of the influx of organized crime and state sponsors into the realm of malware authoring. Due to this unsavory trend, the SANS Institute has developed a course, Reverse-Engineering Malware: Malware Analysis Tools and Techniques AKA FORENSICS 610, to help white hats that need essential malware analysis skills and also to prepare security professionals for the GIAC Reverse Engineering Malware (GREM) certification. SANS describes FOR610, as:
“Teaches a practical approach to examining malicious software that runs natively on Microsoft Windows, and covers web-based malware such as JavaScript and Flash files. You will learn how to reverse-engineer malicious programs using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out.”
In my work as a Security Engineer, I am frequently asked to analyze web sites and file downloads for potential infection. This course filled both a professional need and personal interest need for me in malware analysis. After attending the 4-day course (now officially a 5-day course) at SANS Security West 2010 in San Diego, I sat down with the course author and instructor, Lenny Zeltser (pictured), to discuss his background, the course and malware analysis in general.
|
|
Read more...
|
|
|
 As a social engineer, you spend all of your time manipulating people’s brains. Yet most of the social engineers I meet don’t know the difference between the amygdala and the cerebral cortex.
And you need to.
So this article is going to give you a quick trip through the human brain.
The brain isn’t just a single organism – it’s truly a three-part entity known as the triune brain. The idea of the triune brain was first proposed by Paul MacLean. He proposed that the brain that you and your caveman ancestors shared is not a single brain but actually a three part structure. MacLean viewed our brains as similar to "three interconnected biological computers, [each] with its own special intelligence, its own subjectivity, its own sense of time and space and its own memory.” That is, while each of the three brains interacts, each one functions as a separate and somewhat independent unit.
|
|
Read more...
|
|
We Have Winners!
 The chatter and excitement have continued for the new offering by eLearnSecurity (eLS), Penetration Testing Pro (PTP). From the buzz created over the early look in our forums, to an EXCLUSIVE 5% Discount and finally with a great review by our newest columnists, Jason Haddix, it just seemed obvious to ask them for a few seats to give away to EH-Net readers. As I often say, "Just ask." I did and they said yes!! Then it was your turn, and you responded. So...
1. EH-Net Members Equix3n-, What90 and xXxKrisxXx have won the 3 seats in PTP with a value of €449 / $599 each.
2. Don't forget that the 5% Discount is back on. This EXCLUSIVE Offer for EH-Netters has been extended indefinitely!! So when you're ready, SIGN UP HERE.
To quote eLS's Armando Romeo, "I love the way you and EH-Net are helping me, and I’m trying to give something back while in the position of a bootstrapped CEO lol." So if high quality yet inexpensive online training is something that interests you, your employer or your clients, there's a new kid on the block worthy of your time.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
We Have Winners!
 Like it or not, we always need to continue learning even when the travel purse strings are tied overly tight. CBT Nuggets fit the bill perfectly. For those of you who don't know, CBT stands for computer based training. CBT Nuggets are series of 30 - 60 minute chunks... or nuggets... of videos each covering a given topic on the certification of your choosing. It makes it easy and engaging to study for your certs without the need to travel or complete your studies on someone else's time frame. CBT Nuggets are also very cost effective without flashy productions. They simply concentrate on providing the info you need at prices anyone can afford, and they succeed. Topics include CISSP, CEH, Check Point, CISA, ITIL, Microsoft including PowerShell v2, Cisco, VMware, Wireless, Linux and all of the CompTIA exams!
The 3 deserving EH-Net members are Dengar13, impelse and pizza1337! Each of the winners will receive not only one full month of streaming access to the entire CBT Nuggets Video Library, but they will also receive a $200 CBT Nuggets Gift Certificate. This is enough for another month of full access or can be applied to the full purchase of the video series of their choice. Thanks and congratulations!!
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie... quality is more important than quantity.
|
|
|
 Tutorial by Mark Nicholls AKA n1p
The intent of this exploit tutorial is to educate the reader on the use and understanding of vulnerabilities and exploit development. This will hopefully enable readers to gain a better understanding of the use of exploitation tools and what goes on underneath to more accurately assess the risk of discovered vulnerabilities in a computer environment. It is important for security consultants and ethical hackers to understand how buffer overflows actually work, as having such knowledge will improve penetration testing capabilities. It will also give you the tools to more accurately assess the risk of vulnerabilities and develop effective countermeasures for exploits doing the rounds in the wild.
With this in, I am going to focus exclusively on the practical skills needed to exploit Structured Exception Handler buffer overflows. I won't go into too much detail regarding the theory of how they work, or how buffer overflows can be discovered. There are many other resources available on this subject, and I encourage you to research this further
Warning! Please note that this tutorial is intended for educational purposes only, and skills gained here should NOT be used to attack any system for which you don't have permission to access. It is illegal.
|
|
Read more...
|
|
|
eLearnSecurity’s Penetration Testing Pro - What CEH Should Have Been
 Recently the web has been abuzz with pentest training options. The CEH received new life as it was added to DoD Directive 8570 as well as revamped its courseware in version 6.0, Offensive Security rolled out their version 3.0 of “Pentesting With BackTrack,” and it seems like new training options are coming out almost every day in the field. That being said, I have been lucky enough to receive an advanced copy of the flagship course by eLearnSecurity, Penetration Testing Pro (PTP).
PTP is a three section presentation and video course authored by Armando Romeo (admin of hackerscenter.com), Brett D. Arion, Nitin Kumar, and Vipin Kumar. It has an optional certification component called the Certified Professional Penetration Tester or eCPPT for short. The target audience for the course is security engineers or penetration testers in the 0-3 year experience range. The course divides penetration testing into three categories: System Security, Network Security, and Web Application Security. Let’s take a look at each.
|
|
Read more...
|
|
 We Have 5 Winners of OffSec Online Training!
Offensive Security has carved out a place in the pen testing field that is quite rare. They offer not only high quality training but also at some of the lowest price points in the industry. For an insider's look at Pentesting With BackTrack (PWB), check out Ryan Linn's review of PWB and the associated exam, OSCP. But as well know as PWB is becoming, let's not forget they also have 3 other courses. For you wireless pen testers, there's OffSec Wireless Attacks AKA WiFu, for Windows environments there's Advanced Windows Exploitationand (AWE), and for those ready to prove their mettle, OffSec throws down the gauntlet with Cracking the Perimeter (CTP). OffSec continues to support EH-Net and their members by offering not just 1 but 5 courses for top contributors. We have 2 seats in PWB, 2 in WiFu and 1 in CTP.
In alphabetical order, the winners are: BillV, chrisj, j0rDy, unsupported and zeroflaw. I will contact each one of you individually to choose a course that fits best. Congrats, keep up the great work and keep us posted on how your training goes. All EH-Netters love reviews!!
Remember, Offensive Security has released a new version of PWB which is now aligned with BackTrack 4, has new video recordings, updated courseware, new double-sized lab with new OSs, new web app modules and much more. PWB v3.0 is available NOW. Gee... that's just in time for our winners to get it. Funny how that works out. ;-)
|
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; write an article; spread the word of EH-Net; help a newbie... quality is more important than quantity.
|
|
|
|
Greetings, challenge fans! It’s time (at long last) to announce the WINNERS for our holiday-themed challenge, Miracle on Thirty-Hack Street. I’ve gotta say, we received a huge number of high-quality responses. KJ0 (one of my nicknames for my challenge co-author, Kevin “Frickin’” Johnson) and I felt kinda like we were in the scene from the movie where they dump all the mail on the judge. I apologize for not getting these answers done sooner, but a family medical emergency in January and February consumed much of my attention those months. But, we’re back in action and ready to roll.
Dedicated little elves that we are, Count Kevula and I read every last word of every entry. Actually, we read the first word, too. Oh, and all of the ones in between. (Well, except for one entry, in which we read only every other word. It was kinda confusing, quite honestly. But, since that submission came from Don Donzal, who is ineligible to win, we figured it was OK to skip those words.)
--Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor
|
|
Read more...
|
|
|
 Review by Michael Heinzl AKA awesec
The CEH (Certified Ethical Hacker) certificate is without doubt one of the most heavily discussed security certificates in the english-speaking world, which was one of the reasons why I was curious about it and what challenges I will face with it. As the topics to be covered are very broad based on their published course outline, I was at first skeptical if everything would be covered in enough detail in order to pass the CEH exam successfully.
As questions about CEH pop up every few days, both general ones or in particular about preparation and revision, I hope that this review will help to answer a few of them as well as introduce all of you to EC-Council's own training named iClass. As they describe it:
"iClass is EC Council’s live, online, instructor-led training platform. iClass makes our entire catalog of vendor neutral certifications available to you in multiple schedule formats, dates, and times."
Let's jump right in and take a look.
|
|
Read more...
|
|
| | << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
| | Results 66 - 78 of 176 |
|
del.icio.us
(8) 
News Items and General Discussion About EH-Net : [Article]-February 2012 Free Giveaway Sponsor - Global Knowledge
